Information recording apparatus, information reproducing apparatus, and information distribution system

ABSTRACT

An information recording apparatus comprises an encryption section encrypting contents information and also a license condition referred to limit use of the contents information and a decoding key for decoding the encrypted contents information to generate license information, and a recording section recording the encrypted contents information and the generated license information on a recording medium. An information reproducing apparatus comprises a decoder unit decoding the license information recorded on the recording medium using a second decoding key for decoding the license information and deciding on the basis of the license condition contained in the decoded license information whether the contents information can be used. If it is decided that the contents information can be used, the encrypted contents information recorded on the recording medium is decoded using the first decoding key contained in the decoded license information.

BACKGROUND OF THE INVENTION

The present invention relates to an information recording apparatus forrecording information on a recording medium such as a DVD, aninformation reproducing apparatus for reproducing information recordedon a recording medium such as a DVD, and an information distributionsystem including an information recording/reproducing apparatus forcharging for use of information recorded on a recording medium ordistributed through a network or by broadcasting.

In recent years, the advance of digital information processingtechnology and communication technology such as a broadband ISDN, andthe development of an advanced information recording medium such as aDVD which realizes a large capacity and high-quality image and sound areprogressing. Along with such development of a variety of advancedinformation transmission means, the circumstances are allowing users tomake use of an enormous number of digitized works which are distributedto the users through a network, a recording medium, or the like. Thesecircumstances increase opportunities for copies and alterations withoutpermission of authors or distribution unintended by authors, socopyright holders are anxious about infringement on their benefits.

An important challenge for wiping out such anxiety of copyright holdersis the development of a system which allows quick and easy distributionof digitized works and provides a fair digital information usageenvironment assuming protection by copyright.

A DVD is a large-capacity personal computer medium replacing a CD-ROM,and various applications to movie, music, game, karaoke, and the likecan be expected. For popularization of DVDs, inexpensive DVD titles orspread of a rental DVD market is expected. From these viewpoints aswell, it is essential to provide an information distribution systemassuming protection by copyright of information, i.e., a system based ona concept of charging not for possession of a digitized work recorded ona recording medium such as a DVD but for use of the digitized work.

BRIEF SUMMARY OF THE INVENTION

It is an object of the present invention to provide an informationrecording apparatus, an information reproducing apparatus, and anaccounting apparatus to constitute an information distribution systemwhich allows quick and easy distribution of digitized works and providesa digital information usage environment assuming protection bycopyright.

It is another object of the present invention to provide an informationrecording apparatus for quickly and easily distributing digitized workswhich are distributed through a network or a recording medium andconstituting a digital information usage environment assuming protectionby copyright by charging for use of digital information, an apparatusfor reproducing the recorded information, and an accounting apparatusfor charging for use of information.

According to an aspect of the present invention, there is provided aninformation recording apparatus comprising an encryption section forencrypting contents information, a license information generator forencrypting at least a license condition referred to limit use of thecontents information and a decoding key for decoding the encryptedcontents information to generate license information, and a recordingsection for recording the contents information encrypted by theencryption section and the license information generated by the licenseinformation generator on a recording medium.

According to another aspect of the present invention, there is providedan information reproducing apparatus comprising a storage section forstoring second decoding key information for decoding licenseinformation, a first decoder section for decoding the licenseinformation recorded on the recording medium using the second decodingkey stored in the storage section, a decision section for deciding, onthe basis of a license condition contained in the license informationdecoded by the first decoder section, whether contents information canbe used, a second decoder section for decoding the encrypted contentsinformation recorded on the recording medium using the first decodingkey contained in the license information decoded by the first decodersection when the decision section decides that the contents informationcan be used, and a reproduction section for reproducing the contentsinformation decoded by the second decoder section.

According to the information recording apparatus of the presentinvention, the encrypted contents information and the license conditionof the contents information are in separately recorded on the recordingmedium. only the information reproducing apparatus having an authenticdecoding key for decoding the license information can reproduce thecontents information recorded on the recording medium. In addition,since, before decoding, it is always decided on the basis of the licensecondition contained in the license information whether the contentsinformation can be used, use of the contents information under anillicit use condition is disabled. Therefore, digital informationassuming protection by copyright of the contents information can bequickly and easily distributed.

According to still another aspect of the present invention, there isprovided an accounting apparatus for charging for use of contentsinformation recorded on a recording medium, comprising an input sectionfor inputting a desired condition for use of the contents informationrecorded on the recording medium, a fee claiming section for claiming afee for use of the contents information on the basis of the conditioninput by the input section, and a recording section for, upon confirmingfee payment in response to the claim, recording, on the recordingmedium, license information containing at least a license condition forlimiting use of the contents information recorded on the recordingmedium on the basis of the condition input by the input section. Withthis arrangement, for the recording medium on which the contentsinformation and the license information containing the license conditionfor limiting use of the contents information are recorded, appropriatecharging for use of the contents information is enabled. In addition,digital information assuming protection by copyright of the contentsinformation can be quickly and easily distributed.

According to still another aspect of the present invention, there isprovided an accounting apparatus for charging for use of contentsinformation through a recording medium on which contents information andencrypted license information containing at least a license conditionreferred to limit the use of the contents information are recorded,comprising a license information input section for inputting theencrypted license information recorded on the recording medium, adecoder section for decoding the encrypted license information input bythe license information input section, a condition acceptance sectionfor accepting a desired condition for use of the contents information, afee claiming section for claiming a fee for use of the contentsinformation on the basis of the condition accepted by the conditionacceptance section, a license information update section for, uponconfirming fee payment in response to the claim, updating the licenseinformation decoded by the decoder section, on the basis of thecondition input by the condition input section, an encryption sectionfor encrypting the license information updated by the licenseinformation update section, and an output section for outputting thelicense information encrypted by the encryption section. With thisarrangement, for the recording medium on which the contents informationand the license information containing the license condition forlimiting use of the contents information are recorded, appropriat =echarging for use of the contents information is enabled. In addition,digital information assuming protection by copyright of the contentsinformation can be quickly and easily distributed.

According to still another aspect of the present invention, there isprovided a decision apparatus for deciding, on the basis of encryptedlicense information containing at least a license condition referred toto limit use of contents information and key information for decodingthe contents information, whether the contents information can be used,comprising a key generator for generating a public key used to encryptthe license information and a secret key for decoding the licenseinformation at a predetermined timing, the secret key corresponding tothe public key, a decoder section for decoding the input licenseinformation using the secret key generated by the key generator, adecision section for deciding, on the basis of the license conditioncontained in the license information decoded by the decoder section,whether the contents information can be decoded, and an output sectionfor outputting key information contained in the license informationdecoded by the decoder section when the decision section decides thatthe contents information can be used.

According to the present invention, since the secret parameter fordecoding the license information is generated in a decoder unit A at apredetermined timing and used only within a predetermined period,information security for the license information containing the licensecondition of the contents information and contents information decodingkey can be improved.

According to an update apparatus of the present invention, which updateslicense information on the basis of a request for updating the licenseinformation upon receiving at least a newly designated license conditionand second key generation information necessary for generating secondkey information from a decision device for deciding, on the basis ofencrypted license information containing at least a license conditionreferred to to limit use of contents information, encrypted first keyinformation for decoding the contents information, and first keygeneration information necessary for generating the second keyinformation for decoding the encrypted first key information, whetherthe contents information can be used, the license condition and thefirst key generation information are updated, the second key informationis updated on the basis of the updated first key generation informationand the second key generation information, and the first key informationis encrypted using the updated second key information to generateencrypted license information containing at least the updated licensecondition, the first key information encrypted using the updated secondkey information, and the updated first key generation information.

According to the present invention, when the license information is tobe updated, the license information can be updated while ensuring theinformation security without supplying the contents decoding key.

According to an update apparatus of the present invention, which updateslicense information on the basis of a request for updating the licenseinformation upon receiving at least a newly designated licensecondition, second key generation information necessary for generatingsecond key information, and an updated public key from a decision devicefor deciding, on the basis of the license information containing atleast a license condition referred to to limit use of contentsinformation, encrypted first key information for decoding the contentsinformation, and first key generation information necessary forgenerating the second key information for decoding the encrypted firstkey information, whether the contents information can be used, thelicense information being encrypted using a public key, the licensecondition and the first key generation information are updated, thesecond key information is updated on the basis of the updated first keygeneration information and the second key generation information, andthe first key information is encrypted using the updated second keyinformation to generate license information containing at least theupdated license condition, the first key information encrypted using theupdated second key information, and the updated first key generationinformation, and the generated license information is encrypted usingthe supplied public key.

According to the present invention, when the license information is tobe updated, the license information can be updated while ensuring theinformation security without supplying the contents decoding key.

According to the present invention, there is provided an informationusage apparatus which receives encrypted first key information fordecoding encrypted contents information and first key generationinformation necessary for generating second key information for decodingthe first key information and decodes and uses the contents information,wherein second key generation information necessary for generating thesecond key information for decoding the first key information is held,the second key information is generated on the basis of the second keygeneration information and the input first key generation information,and the encrypted contents information is decoded using the generatedsecond key information.

According to the present invention, since the decoding key (first keyinformation) of the contents information is input to the informationusage apparatus while being kept encrypted, the information securitybetween the device for outputting the first key information and theinformation usage apparatus can be improved.

According to still another aspect of the present invention, there isprovided an information reproducing apparatus for reproducing contentsinformation from a recording medium on which encrypted contentsinformation and license information containing at least a licensecondition referred to to limit use of the contents information and firstkey information for decoding the contents information are recorded,comprising an instrument section for measuring a date and time, adecision section for deciding, on the basis of the date and timemeasured by the instrument section and the license information recordedon the recording medium, whether the contents information can be used,and an information reproduction section for, when the decision sectiondecides that the contents information can be used, decoding andreproducing the contents information recorded on the recording mediumusing the first key information output from the decision section,wherein information for notifying the decision section of the date andtime from the instrument section and the first key information outputfrom the decision section to the information reproduction section areencrypted.

According to the present invention, the security of information to betransferred among the functional units (the instrument section, thedecision section, and the information reproduction section) in theinformation generation device can be improved.

According to still another aspect of the present invention, there isprovided an information recording method of recording, on a recordingmedium on which at least encrypted contents information is recorded,encrypted license information containing at least a license conditionreferred to limit use of the contents information and a decoding key ofthe contents information, comprising transmitting information fordesignating second key information for encrypting first key informationfor encrypting the license information to a decision device for decidingwhether the contents information can be used, receiving, from theportable recording medium, the first key information for encrypting thelicense information, which is encrypted using the designated second keyinformation, and recording, on the recording medium, license informationgenerated on the basis of a designated license condition and encryptedusing the first key information.

According to the present invention, the contents information recorded onthe recording medium cannot be normally decoded unless the decisiondevice which has been used to record the license information in therecording medium is not used. Therefore, illicit use of the contentsinformation can be prevented.

Additional objects and advantages of the invention will be set forth inthe description which follows, and in part will be obvious from thedescription, or may be learned by practice of the invention. The objectsand advantages of the invention may be realized and obtained by means ofthe instrumentalities and combinations particularly pointed outhereinbefore.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING

The accompanying drawings, which are incorporated in and constitute apart of the specification, illustrate presently preferred embodiments ofthe invention, and together with the general description given above andthe detailed description of the preferred embodiments give below, serveto explain the principles of the invention.

FIG. 1 is a block diagram showing the first arrangement of aninformation recording apparatus according to the first embodiment of thepresent invention;

FIG. 2 is a flow chart for explaining the operation of the firstinformation recording apparatus shown in FIG. 1;

FIG. 3 is a block diagram showing the second arrangement of theinformation recording apparatus according to the first embodiment of thepresent invention;

FIG. 4 is a flow chart for explaining the operation of the secondinformation recording apparatus shown in FIG. 3;

FIGS. 5 and 5B are views for explaining a method of separatingaccounting object information;

FIGS. 6A and 6B are views for explaining another method of separatingaccounting object information;

FIG. 7 is a block diagram showing the third arrangement of theinformation recording apparatus according to the first embodiment of thepresent invention;

FIG. 8 is a block diagram showing the first arrangement of aninformation reproducing apparatus according to the first embodiment ofthe present invention;

FIG. 9 is a block diagram showing an arrangement of a decoder unit shownin FIG. 8;

FIG. 10 is a flow chart for explaining the operation of the firstinformation reproducing apparatus shown in FIG. 8;

FIG. 11 is a flow chart for explaining the operation of the decoder unitshown in FIG. 9;

FIG. 12 is a block diagram showing another arrangement of the decoderunit having a clock for disabling time update;

FIG. 13 is a flow chart for explaining the operation of the clock of thedecoder unit, which disables time update;

FIG. 14 is a flow chart for explaining the operation of the decoder unitshown in FIG. 12;

FIG. 15 is a block diagram showing an arrangement of the clock of thedecoder unit capable of updating time;

FIG. 16 is a flow chart for explaining the time update operation of theclock shown in FIG. 15;

FIG. 17 is a view showing a system constituted by a client and a serverto update time of the clock of the decoder unit through a network;

FIG. 18 is a block diagram showing an arrangement of a time settingclient shown in FIG. 17;

FIG. 19 is a block diagram showing an arrangement of a time settingserver shown in FIG. 17;

FIG. 20 is a flow chart for explaining the operation of the time settingclient shown in FIG. 18;

FIG. 21 is a flow chart for explaining the operation of the time settingserver shown in FIG. 19;

FIG. 22 is a flow chart for explaining the operation of the time settingserver shown in FIG. 19;

FIG. 23 is a block diagram showing an arrangement of a clockincorporated in the time setting client shown in FIG. 18;

FIG. 24 is a flow chart for explaining the operation of the clock shownin FIG. 23;

FIG. 25 is a flow chart for explaining the operation of the clock shownin FIG. 23;

FIG. 26 is a block diagram showing an arrangement of an informationreproducing apparatus (second information reproducing apparatus) havinga function of updating license information and performing charging;

FIG. 27 is a block diagram showing an arrangement of a decoder unitshown in FIG. 26;

FIG. 28 is a flow chart for explaining the operation of the decoder unitshown in FIG. 27;

FIG. 29 is a block diagram showing an arrangement of a licenseinformation update client section shown in FIG. 26;

FIG. 30 is a flow chart for explaining the operation of the licenseinformation update client section shown in FIG. 29;

FIG. 31 is a block diagram showing an arrangement of a licenseinformation update server shown in FIG. 26;

FIG. 32 is a flow chart for explaining the operation of the licenseinformation update server shown in FIG. 31;

FIG. 33 is a view showing an example of contents of fee claiming for useof accounting object information output from the license informationupdate server;

FIG. 34 is a flow chart for explaining the operation of the entiresystem (the server and the client communicating with each other throughthe network) shown n FIG. 26;

FIG. 35 is a block diagram showing an arrangement of a licenseinformation update unit;

FIG. 36 is a flow chart for explaining the operation of the licenseinformation update unit shown in FIG. 35;

FIG. 37 is a flow chart for explaining the operation of the licenseinformation update unit shown in FIG. 35;

FIG. 38 is a block diagram showing an arrangement of an accountingapparatus for charging for use of accounting object information;

FIG. 39 is a block diagram showing an arrangement of a decoder unit inan information reproducing apparatus with a measure for an illicit copyof accounting object information (decision is made on the basis of adecoder unit ID);

FIG. 40 is a flow chart for explaining the operation of the decoder unitshown in FIG. 39;

FIG. 41 is a block diagram showing an arrangement of a licenseinformation update unit with a measure for an illicit copy of accountingobject information;

FIG. 42 is a flow chart for explaining the operation of the licenseinformation update unit shown in FIG. 41;

FIG. 43 is a block diagram showing another arrangement of the decoderunit with a measure for an illicit copy of accounting object information(decision is made on the basis of a decoder unit ID and medium ID);

FIG. 44 is a flow chart for explaining the operation of the decoder unitshown in FIG. 43;

FIG. 45 is a block diagram showing an arrangement of a copyingapparatus;

FIG. 46 is a flow chart for explaining the operation of the copyingapparatus shown in FIG. 45;

FIG. 47 is a block diagram showing an arrangement of a licenseinformation copy unit shown in FIG. 45;

FIG. 48 is a flow chart for explaining the operation of the licenseinformation copy unit shown in FIG. 47;

FIG. 49 is a block diagram showing an arrangement of an informationreproducing apparatus (third information reproducing apparatus)according to the first embodiment of the present invention, whichreproduces subsidiary information;

FIG. 50 is a block diagram showing an arrangement of the thirdinformation reproducing apparatus shown in FIG. 49;

FIG. 51 is a block diagram showing an arrangement of a decoder unitshown in FIG. 49;

FIG. 52 is a flow chart for explaining the operation of the decoder unitshown in FIG. 51;

FIG. 53 is a block diagram showing an arrangement of an informationdistribution system using the information recording apparatus andinformation reproducing apparatus of the present invention;

FIG. 54 is a block diagram showing an arrangement of a decoder unit Aaccording to the second embodiment of the present invention;

FIG. 55 is a view showing an example of license information input to thedecoder unit A;

FIG. 56 is a view showing an example of updated information output fromthe decoder unit A;

FIG. 57 is a flow chart for explaining the processing operation of thedecoder unit A;

FIG. 58 is a flow chart for explaining the schematic procedure of keygeneration processing in a key holder section and key generation sectionof the decoder unit A;

FIG. 59 is a block diagram showing an arrangement of a decoder unit B;

FIG. 60 is a view showing an example of license information input to thedecoder unit B;

FIG. 61 is a flow chart for explaining the processing operation of thedecoder unit B;

FIG. 62 is a view showing an example of updated information output fromthe decoder unit B;

FIG. 63 is a block diagram showing an arrangement of a decoder unit C;

FIG. 64 is a view showing an example of updated information output fromthe decoder unit C;

FIG. 65 is a block diagram showing an arrangement of a decoder unit D;

FIG. 66 is a view showing an example of license information input to thedecoder unit D;

FIG. 67 is a flow chart for explaining the processing operation of thedecoder unit D;

FIG. 68 is a flow chart for explaining the processing operation of thedecoder unit D;

FIG. 69 is a view showing an example of updated information output fromthe decoder unit D;

FIG. 70 is a block diagram showing an arrangement of a decoder unit D′;

FIG. 71 is a block diagram showing an arrangement of a licenseinformation update apparatus corresponding to the decoder unit A;

FIG. 72 is a flow chart for explaining the processing operation of thelicense information update apparatus shown in FIG. 71;

FIG. 73 is a block diagram showing an arrangement of a licenseinformation update apparatus corresponding to the decoder unit B;

FIG. 74 is a flow chart for explaining the processing operation of thelicense information update apparatus shown in FIG. 73;

FIG. 75 is a block diagram showing an arrangement of an informationdistribution system according to the third embodiment;

FIG. 76 is a block diagram showing another arrangement of theinformation distribution system according to the third embodiment;

FIG. 77 is a block diagram showing an arrangement of the main part of aninformation reproducing apparatus in which a decoding decision card ismounted;

FIG. 78 is a flow chart for explaining the processing operation of theinformation reproducing apparatus shown in FIG. 77 which is used in theinformation distribution system shown in FIG. 75;

FIG. 79 is a block diagram showing an arrangement of the main part ofthe decoding decision card;

FIG. 80 is a flow chart for explaining the processing operation of thedecoding decision card shown in FIG. 79;

FIG. 81 is a block diagram showing an arrangement of a time transfersection in the decoding decision card shown in FIG. 79;

FIG. 82 is a block diagram showing an arrangement of a certificationsection in the time transfer section shown in FIG. 81;

FIG. 83 is a flow chart for explaining the processing operation of thecertification section shown in FIG. 82;

FIG. 84 is a block diagram showing an arrangement of a contents keytransfer section in the decoding decision card shown in FIG. 79;

FIG. 85 is a block diagram showing an arrangement of a certificationsection in the contents key transfer section shown in FIG. 84;

FIG. 86 is a flow chart for explaining the processing operation of thecertification section shown in FIG. 85;

FIG. 87 is a block diagram showing an arrangement of a clock shown inFIG. 77;

FIG. 88 is a block diagram showing an arrangement of a certificationsection in the clock shown in FIG. 87;

FIG. 89 is a flow chart for explaining the processing operation of thecertification section shown in FIG. 88;

FIG. 90 is a block diagram showing an arrangement of a decoding decisionsection shown in FIG. 79;

FIG. 91 is a flow chart for explaining the processing operation of thedecoding decision section shown in FIG. 90;

FIG. 92 is a block diagram showing an arrangement of an informationreproduction section shown in FIG. 77;

FIG. 93 is a flow chart for explaining the processing operation of theinformation reproduction section shown in FIG. 92;

FIG. 94 is a block diagram showing an arrangement of a certificationsection in the information reproduction section shown in FIG. 92;

FIG. 95 is a flow chart for explaining the processing operation of thecertification section shown in FIG. 94;

FIG. 96 is a block diagram showing another arrangement of theinformation reproduction section shown in FIG. 77;

FIG. 97 is a block diagram showing an arrangement of a license updateapparatus;

FIG. 98 is a flow chart for explaining the processing operation of thelicense update apparatus;

FIG. 99 is a block diagram showing an arrangement of the main part of adecoding decision card as an interface with the update IF of the licenseupdate apparatus;

FIG. 100 is a flow chart for explaining the processing operation of thedecoding decision card in updating the license;

FIG. 101 is a block diagram showing an arrangement of a license server;

FIG. 102 is a flow chart for explaining the processing operation of thelicense server;

FIG. 103 is a block diagram showing a system configuration constitutedby a user terminal, a license server, and an electronic bankingapparatus in updating the license using electronic banking;

FIG. 104 is a block diagram showing an arrangement of a license updateapparatus in the system configuration shown in FIG. 103;

FIG. 105 is a block diagram showing an arrangement of the license serverin the system configuration shown in FIG. 103;

FIG. 106 is a flow chart for explaining the processing operation of theentire system in updating the license in the system configuration shownin FIG. 103;

FIG. 107 is a block diagram showing an entire arrangement of aninformation reproduction system according to the fourth embodiment ofthe present invention;

FIG. 108 is a block diagram showing an arrangement of a license decisionunit shown in FIG. 107;

FIG. 109 is a flow chart for explaining the processing operation of theinformation reproducing apparatus shown in FIG. 107;

FIG. 110 is a flow chart for explaining the processing operation of theinformation reproducing apparatus shown in FIG. 107;

FIG. 111 is a flow chart for explaining the processing operation of theinformation reproducing apparatus shown in FIG. 107 until licenseinformation is stored in a license database;

FIG. 112 is a flow chart for explaining the license information decodingkey generation processing of the information reproducing apparatus shownin FIG. 107;

FIG. 113 is a view showing a structure of contents information;

FIG. 114 is a view showing a structure of license information;

FIG. 115 is a view showing an example of storage of license informationin a license information database;

FIG. 116 is a view showing a structure of license update information;

FIG. 117 is a view showing another example of storage of licenseinformation in the license information database;

FIG. 118 is a block diagram showing another arrangement of theinformation reproducing apparatus shown in FIG. 107;

FIG. 119 is a block diagram showing another arrangement of the licensedecision unit shown in FIG. 107;

FIG. 120 is a flow chart for explaining the operation of the informationreproducing apparatus shown in FIG. 118 until encrypted licenseinformation and decoding key seed information are separated from areceived broadcasting wave to generate a decoding key;

FIG. 121 is a view showing an example of the data structure of abroadcasting wave;

FIG. 122 is a block diagram showing an arrangement of an informationdistribution system according to the fifth embodiment of the presentinvention;

FIG. 123 is a view showing an example of data recorded on a rental disk;

FIG. 124 is a view showing an example of storage of a disk key in acontents database prepared in a center;

FIG. 125 is a view schematically showing the disk key distributionscheme in the information distribution system shown in FIG. 122;

FIG. 126 is a block diagram showing an arrangement of a license creationdevice;

FIG. 127 is a block diagram showing an arrangement of a license issuingdevice;

FIG. 128 is a block diagram showing an arrangement of a card;

FIG. 129 is a block diagram showing an arrangement of a card adapter;

FIG. 130 is a block diagram showing an arrangement of a player;

FIG. 131 is a flow chart for explaining the disk information creationprocessing of the license creation device;

FIG. 132 is a view showing an example of storage of disk information ina license database in the license issuing device;

FIG. 133 is a view showing the schematic sequence of a disk keydistribution procedure in the information distribution system shown inFIG. 122 about subscription to a disk rental service, rental of a disk,and reproduction of contents;

FIG. 134 is a flow chart showing the disk key distribution procedureshown in FIG. 133 in more detail;

FIG. 135 is a flow chart showing the disk key distribution procedureshown in FIG. 133 in more detail;

FIG. 136 is a flow chart showing the disk key distribution procedureshown in FIG. 133 in more detail;

FIG. 137 is a flow chart showing the disk key distribution procedureshown in FIG. 133 in more detail;

FIG. 138 is a flow chart showing the disk key distribution procedureshown in FIG. 133 in more detail;

FIG. 139 is a flow chart showing the disk key distribution procedureshown in FIG. 133 in more detail;

FIG. 140 is a flow chart showing the disk key distribution procedureshown in FIG. 133 in more detail;

FIG. 141 is a view showing the schematic sequence of another disk keydistribution procedure in the information distribution system shown inFIG. 122 about subscription to a disk rental service, rental of a disk,and reproduction of contents;

FIG. 142 is a flow chart showing the disk key distribution procedureshown in FIG. 141 in more detail;

FIG. 143 is a flow chart showing the disk key distribution procedureshown in FIG. 141 in more detail;

FIG. 144 is a flow chart showing the disk key distribution procedureshown in FIG. 141 in more detail;

FIG. 145 is a flow chart showing the disk key distribution procedureshown in FIG. 141 in more detail:

FIG. 146 is a flow chart showing the disk key distribution procedureshown in FIG. 141 in more detail;

FIG. 147 is a flow chart for explaining encryption parameter updateprocessing;

FIG. 148 is a flow chart for explaining encryption parameter updateprocessing; and

FIG. 149 is a flow chart for explaining encryption parameter updateprocessing.

DETAILED DESCRIPTION OF THE INVENTION

Embodiments of the present invention will be described below withreference to the accompanying drawing.

The entire configuration of an information distribution system using aninformation recording apparatus and information reproducing apparatusaccording to the first embodiment of the present invention will bebriefly described first.

FIG. 53 shows an arrangement of an information distribution system usingthe information recording apparatus and information reproducingapparatus of the present invention. Referring to FIG. 53, a licenseinformation generation section 1002 and an information storage section1003 are equivalent to those shown in FIGS. 1, 3, 7, or the like, and adecoder unit 1013 is equivalent to that shown in FIG. 9, 12, 27, 39, 43,or the like. A reproduction section 1014 and a readout section 1012 arealso equivalent to those in the information reproducing apparatus shownin FIG. 8 or the like.

The operation of the entire system shown in FIG. 53 will be brieflydescribed below. Accounting object information is encrypted by anencryption key ke(1) (accounting object information ke(1)). First, adecoding key kd(1) of the accounting object information and a licensecondition such as an expiration date are input to the licenseinformation generation section 1002 (steps S701 and S702).

The license information generation section 1002 merges the decoding keykd(1) with the license condition and then performs encryption using theencryption key ke to generate license information and sends it to theinformation storage section 1003 (step S703). The encrypted accountingobject information is also input to the information storage section 1003(step S704) a nd recorded on an information storage section 1004together with the license information (step 705).

The information storage section 1004 comprises a medium such as aDVD-ROM, a DVD-RAM, or a hard disk. Information recorded on this mediumis transferred to another medium (i.e., an information storage section1015) directly or through broadcasting or the Internet and read out bythe readout section 1012 in an information reproducing apparatus 1011(step S706). The readout license information is sent to the decoder unit1013 (step S707). The de coder unit 1013 holding the decoding key kdcorresponding to the encryption key ke decodes the license informationand extracts the decoding key kd(1) and license condition of theaccounting object information. The decoder unit 1013 checks the licensecondition to decide whether the accounting object information can beused. If the accounting object information is usable, the decoder unitoutputs the decoding key kd(1) to the reproduction section 1014 (stepS708). The reproduction section 1014 extracts the [accounting objectinformation] ke(1) from the readout section 1012 (step S709) and decodesit using the decoding key kd(1) to reproduce the accounting objectinformation.

The decoder unit 1013 holds the decoding key kd and an algorithm fordecoding license information. To avoid attack on security, the decoderunit 1013 is preferably mounted not as software but as, e.g., an ICchip. In this case, the decoder unit 1013 comprises an IC chip having alicense information input section and an output section for outputtingthe decoding key of accounting object information (upon deciding thatthe accounting object information is usable). Decoding and decision ofthe use enable/disable condition are performed in the chip.

As one gist of the present invention, the license information generationsection 1002 merges the decoding key kd(1) of accounting objectinformation with the license condition and then performs encryption.Generally, encryption is performed by scrambling information bits to beencrypted. Therefore, once encryption is performed, two pieces ofinformation which have simultaneously been encrypted cannot be separated(without using decoding). It is important to disable separation ofaccounting object information from the license condition using thenature of encryption.

In the above-described example, the accounting object information isencrypted by the encryption key ke(1). Therefore,

1. To use the accounting object information, the decoding key kd(1) isrequired. However, the decoding key kd(1) is encrypted into licenseinformation such that the decoding key and the license condition areinseparable. Although the license information and the accounting objectinformation can be separated from each other, invalid licenseinformation does not contain the decoding key for properly decoding theaccounting object information, so “substitution” of license informationis meaningless.

2. To obtain the correct decoding key kd(1), valid license informationmust be decoded. However,

3. Only a proper decoder unit having the decoding key kd can performthis decoding.

4. The proper decoder unit always refers to the license conditioncontained in the license information to decide the use enable/disablecondition. Therefore,

5. In the apparatus including the license information generation sectionand decoder unit of the present invention, the accounting objectinformation cannot be used under an invalid license condition inprinciple.

If the decoder unit 1013 decides that the accounting object informationcannot be used and does not output the decoding key kd(1), the licenseinformation must be updated or valid license information must be addedto use the accounting object information. At this timing, accounting forthe user of the information is generated. The user must update thelicense information or acquire new license information somehow by a shopor vending machine or through the Internet. An apparatus or vendingmachine set in a shop or a network server holds the decoding key kd andthe encryption key ke and therefore can decode the license informationand rewrite and reencrypt the information so as to update the licenseinformation.

If the user wants to update the license information (or obtain newlicense information), (one of) the license information added to theaccounting object information must be sent to an apparatus having alicense information update function.

1′. Only a proper apparatus having the decoding key kd and theencryption key ke can decode/separate the decoding key kd(1) and thelicense condition of the accounting object information.

2′. Only a proper apparatus having the decoding key kd and theencryption key ke can reencrypt the license information after therewrite of the license condition.

The updated license information is output from the license informationupdate apparatus (a license information update client section 403 shownin FIG. 26, a license information update unit 603 shown in FIG. 38, alicense information update unit 702 shown in FIG. 41, or a licenseinformation update unit 804 shown in FIG. 47) and returned to the user'smedium. The license information is kept encrypted outside the licenseinformation update apparatus.

3′. Since the license information has undergone encryption as acharacteristic feature of the present invention, the license conditioncannot be inadequately changed.

Generally, to transmit a decoding key through a network, the decodingkey is often reencrypted using another key. However, as thecharacteristic feature of the present invention, the decoding key kd(1)for decoding the encrypted accounting object information is merged withthe license condition and then encrypted. This provides a significanteffect in protection and charge for accounting object information suchas a work, as described above.

The arrangements and operations of the information recording apparatus,the information reproducing apparatus, and the accounting apparatus ofthe present invention will be described below in detail.

(1) Information Recording Apparatus

(1-1) First Example of Information Recording Apparatus

FIG. 1 shows the first arrangement of an information recording apparatusaccording to the present invention. More specifically, FIG. 1 shows anarrangement of an information recording apparatus which encryptscontents information (to be referred to as accounting object informationhereinafter) as an accounting object such as a digitized work, encryptsthe license condition of the accounting object information and adecoding key for decoding the encrypted accounting object information togenerate license information, and records the encrypted accountingobject information and license information on a predetermined recordingmedium.

The information recording apparatus roughly comprises an accountingobject information input section 2, a license information generationsection 3, and a recording section 8.

Accounting object information is encrypted in advance using theencryption key ke(1) and input to the accounting object informationinput section 2. A decoding key corresponding to the encryption keyke(1) is the decoding key kd(1). Encryption of information X using anencryption key K will often be expressed as [X] k hereinafter, asneeded.

The license information generation section 3 is constituted by a licensecondition input section 4, a decoding key input section 5, a key holdersection 6, and an encryption section 7.

The encryption key ke is stored in the key holder section 6 in advance.This encryption key ke does not always agree with the encryption keyke(1).

A license condition is input to the license condition input section 4.The license condition includes at least one of the expiration date ofthe accounting object information, the license information write time,the contents ID, the medium ID, and the decoder unit ID.

The decoding key kd(1) corresponding to the encryption key ke(1), whichis used to decode the encrypted accounting object information, is inputto the decoding key input section 5.

The license condition and the decoding key kd(1) are input to theencryption section 7 respectively through the license condition inputsection 4 and the decoding key input section 5. The license conditionand the decoding key kd(1) are merged.

After this, the merged license condition and decoding key kd(1) areencrypted using the encryption key ke stored in the key holder section6. Generally, encryption schema are roughly classified into a public keyscheme and a secret key scheme, and either can be employed. Theencrypted data is called license information. As the characteristicfeature of the encryption section 7, the license condition and theencryption key ke(1) are inseparably combined by merging and encryption.Therefore, an apparatus capable of decoding data encrypted using theencryption key ke, i.e., an apparatus having the decoding key kdcorresponding to the encryption key ke can exclusively separate thelicense condition from the encryption key ke(1). The decoding key kd(1)is a key for decoding the encrypted accounting object information, sothe accounting object information and the license condition areinseparably combined. The accounting object information and the licenseinformation as data can be always separated. However, without validlicense information, the accounting object information cannot be decodedto use the contents.

The recording section 8 writes the license information in an informationstorage section 9 and then writes the encrypted accounting objectinformation subsequent to the license condition.

The information storage section 9 may be a recording medium such as aDVD-ROM, a DVD-RAM, or a hard disk. Such a recording medium havinginformation is set in a predetermined reproducing apparatus to reproducethe information. Alternatively, the information may be transferred fromthe information storage section 9 to another recording medium through anetwork such as the Internet or by broadcasting and reproduced by apredetermined reproducing apparatus.

FIG. 2 is a flow chart for explaining the operation of an informationrecording apparatus 1 shown in FIG. 1. First, the encrypted accountingobject information ke(1) is input to the accounting object informationinput section 2 (step S1), the license condition is input to the licensecondition input section 4 (step S2), and the decoding key kd(1) is inputto the decoding key input section 5 (step S3). The encrypted accountingobject information is transferred from the accounting object informationinput section 2 to the recording section 8 (step S4), the licensecondition is transferred from the license condition input section 4 tothe encryption section 7 (step S5), and the decoding key kd(1) istransferred from the decoding key input section 5 to the encryptionsection 7 (step S6). The encryption key ke held in the key holdersection 6 in advance is transferred to the encryption section 7 (stepS7). The encryption section 7 merges the license condition and thedecoding key kd(1) and then performs encryption using the encryption keyke to generate license information (step S8). The generated licenseinformation is transferred to the recording section 8 (step S9). Therecording section 8 merges the encrypted accounting object informationand license information and records them on the information storagesection 9 (step S10).

(1-2) Second Example of Information Recording Apparatus

FIG. 3 shows the second arrangement of an information recordingapparatus according to the present invention. More specifically, FIG. 3shows an arrangement of an information recording apparatus whichencrypts part of accounting object information as an accounting objectsuch as a digitized work together with a license condition to generatelicense information and records the remaining portion of the accountingobject information and license information in a predetermined recordingmedium. As in the first arrangement shown in FIG. 1, part of accountingobject information is encrypted together with a license condition to inseparately combine the accounting object information with the licensecondition.

The information recording apparatus roughly comprises a data separationsection 12, a license information generation section 13, and a recordingsection 18.

The data separation section 12 divides accounting object informationinto two parts. FIGS. 5A, 5B, 6A, and 6B show examples of dataseparation by the data separation section. For the descriptiveconvenience, a still picture will be exemplified, though this method canbe used for a motion picture and the like.

As shown in FIG. 5A, part (face regions in FIG. 5A) of a still picturemay be extracted, and the face regions as shown in FIG. 5B may beencrypted as part of license information. In this case, the image can beseen without decoding the license information (i.e., without paying thefee) although the image is partially omitted. As shown in FIG. 6A, animage is subjected to Fourier transformation to extract a frequencycomponent. A high-frequency component as shown in FIG. 6B may beencrypted as part of license information. In this case, unless thelicense information cannot be decoded (i.e., unless the fee is paid), noclear image can be obtained by reproducing the image with the frequencycomponent shown in FIG. 6A.

The license information generation section 13 is constituted by alicense condition input section 14, an encryption section 17, and a keyholder section 16.

The key holder section 16 stores the encryption key ke in advance. Thelicense condition input section 14 receives a license condition. Thelicense condition includes at least one of the expiration date of theaccounting object information, the license information write time, thecontents ID, the medium ID, and the decoder unit ID. The licensecondition is input to the encryption section 17 through the licensecondition input section 14. Part of accounting object information, whichis obtained by dividing the accounting object information into twoparts, is also input from the data separation section 12 to theencryption section 17. The license condition and part of the accountingobject information are merged and then encrypted using the encryptionkey ke stored in the key holder section 16 to generate licenseinformation.

The recording section 18 writes the license information in aninformation storage section 19 and then writes the remaining part of theaccounting object information, which is obtained by dividing theaccounting object information into two parts by the data separationsection 12, subsequent to the license information.

The information storage section 19 may be a recording medium such as aDVD-ROM, a DVD-RAM, or a hard disk. Such a recording medium havinginformation is set in a predetermined reproducing apparatus to reproducethe information. Alternatively, the information may be transferred fromthe information storage section 19 to another recording medium through anetwork such as the Internet or by broadcasting and reproduced by apredetermined reproducing apparatus.

FIG. 4 is a flow chart for explaining the operation of an informationrecording apparatus 11 shown in FIG. 3. Accounting object information isinput to the data separation section 12 (step S21), and the licensecondition is input to the license condition input section 14 (step S22).The data separation section 12 divides the input accounting objectinformation into two parts (step S23), transfers one part of theaccounting object information to the encryption section 17 (step S24),and transfers the remaining part of the accounting object information tothe recording section 18 (step S25). The license condition istransferred from the license condition input section 14 to theencryption section 17 (step S26). The encryption key ke is transferredfrom the key holder section 16 to the encryption section 17 (step S27).The encryption section 17 merges the license condition and the part ofthe accounting object information transferred from the data separationsection 12 and then encrypts them to generate license information (stepS28). The generated license information is transferred to the recordingsection 18 (step S29). The recording section 18 merges the part of theaccounting object information transferred from the data separationsection 12 and the license information and records them on theinformation storage section 19 (step S30).

(1-3) Third Example of Information Recording Apparatus

As still another example, the entire accounting object information maybe encrypted together with a license condition to inseparately combinethe accounting object information with the license condition.

FIG. 7 shows the third arrangement of the information recordingapparatus according to the first embodiment of the present invention.The same reference numerals as in FIG. 3 denote the same parts in FIG.7, and only different parts will be described below. In FIG. 7, the dataseparation section 12 in FIG. 3 is replaced with the accounting objectinformation input section 2 so that the accounting object informationinput to the accounting object information input section 2 is directlytransferred to the encryption section 17. The encryption section 17merges the entire accounting object information with the licensecondition and then encrypts them using the encryption key ke.

As described above, in the first example of the information recordingapparatus, the decoding key kd(1) for decoding the encrypted accountingobject information and the license condition are merged and encryptedusing the encryption key ke to generate license information. Inaddition, the encrypted accounting object information and the licenseinformation are merged and recorded on the information storage section9, so the accounting object information and the license condition can beinseparately combined. In this case, only an information reproducingapparatus having the encryption key ke corresponding to the encryptionkey ke can separate the license condition and the decoding key kd(1)from each other so the encrypted accounting object information can bedecoded using the separated decoding key kd(1) and reproduced.

In the second example of the information recording apparatus, part ofthe accounting object information and the license condition are mergedand encrypted using the encryption key ke to generate licenseinformation. The remaining part of the accounting object information andthe license information are merged and stored in the information storagesection 19. With this processing, the accounting object information andthe license condition can be inseparately combined. In this case, onlyan information reproducing apparatus having the decoding key kdcorresponding to the encryption key ke can decode the part of theaccounting object information and the license condition and separatethem from each other so the accounting object information can bereproduced from the decoded and separated part of the accounting objectinformation and the remaining part.

In the third example of the information recording apparatus, the entireaccounting object information and the license condition are merged,encrypted using the encryption key ke, and recorded on the informationstorage section 19, thereby inseparately combining the accounting objectinformation with the license condition. In this case, only aninformation reproducing apparatus having the decoding key kdcorresponding to the encryption key ke can decode, separate, andreproduce the accounting object information and the license condition.

All of these arrangements disable to separate the accounting objectinformation from the license condition without decoding.

The information storage section 9 or 19 may be a recording medium suchas a DVD-ROM, a DVD-RAM, or a hard disk. Such a recording medium havinginformation is set in a predetermined reproducing apparatus to reproducethe information. Alternatively, the information may be transferred fromthe information storage section 9 or 19 to another recording mediumthrough a network such as the Internet or by broadcasting and reproducedby a predetermined reproducing apparatus.

(2) Information Reproducing Apparatus

(2-1) First Example of Information Reproducing Apparatus

FIG. 8 shows the first arrangement of an information reproducingapparatus according to the present invention. More specifically, FIG. 8shows an arrangement of an information reproducing apparatus forreproducing information recorded on the information storage section 9 or19 in the first information recording apparatus shown in FIG. 1, thesecond information recording apparatus shown in FIG. 3, or the thirdinformation recording apparatus shown in FIG. 7 and distributed to auser by a recording medium or through a network or broadcasting.

The unit information recorded on, e.g., the information storage section9 in the first information recording apparatus includes accountingobject information encrypted and merged with license informationgenerated by encrypting the decoding key kd(1) for decoding theaccounting object information together with the license condition usingthe encryption key ke.

The license condition includes, e.g., the expiration date. Theexpiration date means an expiration date of accounting objectinformation corresponding to a predetermined fee paid by the user. Thelicense condition may also include the license information recordingtime. The license information recording time is a time when the licenseinformation has been recorded on, e.g., the information storage section9 in the first information recording apparatus shown in FIG. 1 and, morespecifically, time information read from, e.g., a clock incorporated inthe license condition input section 4 in generating the licenseinformation by the license information generation section 3.

Referring to FIG. 8, the information reproducing apparatus roughlycomprises an information storage section 101, a readout section 102, adecoder unit 103, and a reproduction section 104.

The information storage section 101 may be a recording medium such as aDVD-ROM, a DVD-RAM, or a hard disk. Alternatively, information recordedon the information storage section 101 may be transferred from theinformation storage section 9 or 19 shown in FIG. 1, 3, or 7 through anetwork such as the Internet or by broadcasting.

The readout section 102 reads out one unit of information from theinformation storage section 101, transfers the license information tothe decoder unit 103, and transfers the encrypted accounting objectinformation to the reproduction section 104.

The decoder unit 103 decodes the license information using the decodingkey kd stored in advance and decides on the basis of the obtainedlicense condition whether the decoding key kd(1) for decoding theencrypted accounting object information is to be output to thereproduction section 104, thereby realizing protection by copyright.

Since the accounting object information is encrypted using theencryption key ke(1), the accounting object information cannot bereproduced unless the reproduction section 104 obtains the decoding keykd(1) corresponding to the encryption key ke(1). The decoding key kd(1)is transferred from the decoder unit 103 to the reproduction section104. When the decoding key kd(1) is to be transferred from the decoderunit 103 to the reproduction section 104, the decoding key kd(1) isnormally protected. This is because if the decoding key kd(1) isacquired/stored during transfer, reproduction is enabled withoutintervening the decoder unit 103, and protection by copyright such aslicense condition check by the decoder unit 103 becomes meaningless. Aspecific example of transfer protection is described in, e.g., “NewsReport, Nikkei Electronics”, Nov. 18, 1996 (No. 676), pp. 13-14.

The reproduction section 104 has a decoder section 105. The decodersection 105 decodes the encrypted accounting object informationtransferred from the readout section 102 using the decoding key kd(1)transferred from the decoder unit 103. The reproduction section 104performs predetermined decoding for displaying the accounting objectinformation obtained upon decoding by the decoder section 105 anddisplays the accounting object information on a predetermined displaydevice.

FIG. 9 shows an arrangement of the decoder unit 103. The decoder unit103 comprises a license information input section 103 a, a decodersection 103 b, a decoding key holder section 103 c, a decision section103 d, a clock reference section 103 e, and a clock 103 f.

The license information input section 103 a receives license informationtransferred from the readout section 102 and outputs the licenseinformation to the decoder section 103 b.

The decoder section 103 b decodes the license information using thedecoding key kd stored in the decoding key holder section 103 c inadvance and outputs the obtained license condition, i.e., the expirationdate and the decoding key kd(1) to the decision section 103 d.

The clock reference section 103 e reads time (clock time) indicated bythe clock 103 f.

The decision section 103 d compares the clock time (indicating thecurrent time) acquired from the clock reference section 103 e with theexpiration date. If clock time £ expiration date, the decision section103 d decides that the accounting object information can be used (i.e.,the decoding key kd(1) can be output) and outputs the decoding key kd(1)to the reproduction section 104.

When the license condition also includes license information recordingtime, check of the expiration date and the license information recordingtime is also performed. More specifically, when the expiration date isvalid, the decision section 103 d compares the clock time with thelicense information recording time. If clock time 3 license informationrecording time holds, the decision section 103 d outputs the decodingkey kd(1) to the reproduction section 104. This check is performed toonly confirm the fact that “the license information has been recorded inthe past”, though it has great significance. The clock 103 f to bereferred to by the clock reference section 103 e is not always correct.Especially, excessive time delay in the clock is not preferable from theviewpoint of observance of the expiration date. Check of the licenseinformation recording time is meaningful in preventing time delay tosome extent. Assume that the clock indicates time one month ago. Also,assume that the license information recording time is 12:00 in a certainday, and the expiration date is set at 12:00 one week after the licenseinformation recording time. If the license information recording time isnot checked, the user can use the accounting object information for oneweek +one month. By checking the license information recording time, useof the accounting object information can be inhibited even when theclock time is largely delayed.

FIG. 10 is a flow chart for explaining the processing operation of theinformation reproducing apparatus shown in FIG. 8. The readout section102 reads out the unit information, i.e., the encrypted accountingobject information and license information recorded on the informationstorage section 101 (step S41), transfers the license information to thedecoder unit 103 (step S42), and transfers the encrypted accountingobject information to the reproduction section 104 (step S43). Thedecoder unit 103 decodes the license information using the decoding keykd stored in advance to obtain the license condition (expiration date)and the decoding key kd(1). It is decided on the basis of the licensecondition (expiration date) whether the accounting object informationcan be used (step S44). If the expiration date is valid, and it isdecided that the accounting object information can be used (YES in stepS45), the decoder unit 103 transfers the decoding key kd(1) to thereproduction section 104 (step S46). If it is decided that use of theaccounting object information is disabled, notification representingthat the decoding key kd(1) cannot be output is output to thereproduction section 104, and processing is ended. The reproductionsection 104 decodes the encrypted accounting object information usingthe decoding key kd(1) and further performs decoding to reproduce theaccounting object information (step S47).

The flow of processing operation of the decoder unit 103 in steps S44 toS46 in FIG. 10 will be described in more detail with reference to FIGS.8 and 9 and the flow chart shown in FIG. 11. The license informationinput section 103 a of the decoder unit 103 receives license informationtransferred from the readout section 102 (step S51) and transfers thelicense information to the decoder section 103 b (step S52). When thedecoding key kd is transferred from the decoding key holder section 103c (step S53), the decoder section 103 b decodes the license informationusing the decoding key kd (step S54). Data obtained by decoding thelicense information is transferred to the decision section 103 d (stepS55). When the clock time is transferred from the clock referencesection 103 e (step S56), the decision section 103 d compares thelicense condition (expiration date) with the clock time to decidewhether the accounting object information can be used (i.e., whether thedecoding key kd(1) is to be output to the reproduction section 104)(step S57). If it is decided that the accounting object information canbe used, the decoding key kd(1) is output to the reproduction section104 (steps S58 and S59). If it is decided that the accounting objectinformation cannot be used, notification representing that the decodingkey kd(1) cannot be output is output to the reproduction section 104(steps S58 and S60).

(2-2) Arrangement of Decoder Unit and Clock Incorporated in Decoder Unit

When the expiration date for accounting object information is to be usedas a license condition, and the expiration date is to be set for theaccounting object information, the accuracy of the clock 103 fincorporated in the decoder unit 103 shown in FIG. 9 is important. Inthat sense, a mechanism for disabling the user from arbitrary settingtime is necessary. FIG. 12 shows a decoder unit with such a mechanism.The same reference numerals as in FIG. 9 denote the same parts in FIG.12.

As shown in FIG. 12, the clock 103 f has a time setting section 111, atime setting disabling section 112, and a time counter 113. Theoperation of the clock 103 f shown in FIG. 12 will be described withreference to the flow chart shown in FIG. 13. When time settingdesignation information containing set time information is input throughthe time setting section 111 in shipment from a factory (step S71), thedesignated set time is set in the time counter 113 (steps S72 and S73).After this, the time setting disabling section 112 takes a measure todisable time setting through the time setting section 111 (steps S74 andS75). For example, the time setting disabling section 112 flows anovercurrent to a circuit for connecting the time setting section 111 andthe time counter 113 to physically disconnect the time setting section111 and the time counter 113. Upon taking the time setting disablingmeasure, any time setting becomes impossible.

An error evaluation section 103 g determines the maximum cumulativeerror by, e.g., the following method. The error evaluation section holdsthe “maximum time delay” and “maximum time advance” of the clock 103 f.The error evaluation section 103 g also has a time counter for errorevaluation. This time counter adds the maximum delay or maximum advanceper hour and transfers the cumulative maximum delay or cumulativemaximum advance (these are inclusively called a cumulative error) as asum value to the decision section 103 d.

The cumulative maximum advance or cumulative maximum delay means thecumulative time of errors generated due to, e.g., the abnormal operationof the clock 103 f itself. Therefore, when the clock time indicated bythe clock 103 f is to be compared with the expiration date or licenseinformation recording time, this cumulative error must be taken intoconsideration.

In this case, the decision section 103 d of the decoder unit 103 checkswhether the following relationships hold.

Clock time £ expiration date+cumulative maximum advance

Clock time 3 license information recording (update) time−cumulativemaximum delay

If the two relations simultaneously hold, it is decided that theaccounting object information can be used. When information recorded onthe information storage section 9 by the first information recordingapparatus is to be reproduced, it is decided that the decoding key kd(1)can be output. When information recorded on the information storagesection 19 by the second information recording apparatus is to bereproduced, it is decided that part of the accounting object informationcan be output.

The processing operation of the decoder unit shown in FIG. 12 will bedescribed next with reference to the flow chart in FIG. 14. The licenseinformation input section 103 a of the decoder unit 103 receives licenseinformation transferred from the readout section 102 (step S81) andtransfers the license information to the decoder section 103 b (stepS82). When the decoding key kd is transferred from the decoding keyholder section 103 c (step S83), the decoder section 103 b decodes thelicense information using the decoding key kd (step S84). Data obtainedupon decoding the license information is transferred to the decisionsection 103 d (step S85). The clock reference section 103 e acquiresclock time from the clock 103 f (step S86) and transfers the acquiredclock time to the decision section 103 d (step S87). The decisionsection 103 d acquired the cumulative error from the error evaluationsection 103 g (step S88) and compares the license condition (expirationdate) with the clock time in consideration of the cumulative error ofthe clock 103 f to decide whether the accounting object information canbe used (i.e., whether the decoding key kd(1) is to be output to thereproduction section 104) (step S89). If it is decided that theaccounting object information can be used, the decoding key kd(1) isoutput to the reproduction section 104 (steps S90 and S91). If it isdecided that the accounting object information cannot be used,notification representing that the decoding key kd(1) cannot be outputis output to the reproduction section 104 (steps S90 and S92).

(2-3) Time Setting No. 1 for Clock Incorporated in Decoder Unit

FIG. 15 shows another arrangement of the clock 103 f incorporated in thedecoder unit 103 and, more specifically, an arrangement of the clock 103f for setting time on the basis of encrypted time setting designationinformation.

As shown in FIG. 15, the clock 103 f comprises a set time input section121, a decoder section 122, a command certification section 123, a timesetting section 124, and a time counter 125.

The operation of the clock 103 f with this arrangement will be describedwith reference to the flow chart shown in FIG. 16. Time settingdesignation information containing set time information is encrypted inadvance. When the encrypted time setting designation information isinput to the set time input section 121 (step S101), the set time inputsection 121 transfers the encrypted time setting designation informationto the decoder section 122 (step S102). The decoder section 122 decodesthe encrypted time setting designation information (step S103) andtransfers the decoded time setting designation information to thecommand certification section 123 (step S104). The command certificationsection 123 confirms the command format of the time setting designationinformation (step S105). If the format is correct (YES in step S106),set time information contained in the time setting designationinformation is transferred to the time setting section 124 (step S107).The time setting section 124 sets time of the time counter 125 inaccordance with the set time information (step S108).

When the clock 103 f has the arrangement shown in FIG. 15, the timesetting designation information to be input to the clock 103 f mustalways be encrypted using a predetermined encryption key. For thisreason, an apparatus which cannot perform encryption (i.e., an apparatushaving no encryption key) cannot be used to set time. Therefore, theuser cannot easily set time of the clock 103 f, either.

(2-4) Time Setting No. 2 for Clock Incorporated in Decoder Unit

Time setting for the clock 103 f incorporated in the decoder unit 103through a network will be described next.

FIG. 17 is a view showing the concept of network time setting. A timesetting client includes a clock to be subjected to time setting, i.e.,the clock 103 f incorporated in the decoder unit 103 of the firstinformation reproducing apparatus as shown in FIG. 8. The time indicatedby this clock will be called a client time. A time setting server alsoincorporates a clock, and the time indicated by this clock will becalled a server time. In this form, the time setting server sets timefor the clock incorporated in the time setting client through a network.

Relatively complex processing is required to set time for the clockincorporated in the decoder unit. The reason for this is as follows. Theadvance in a clock 201 of the client must be checked. An operation ofconfirming that one minute of client time is almost equivalent to oneminute of server time must be performed. This confirmation is made by i)designating certification information transmission time from the server,and ii) designating certification information arrival time (setting timeout). The certification information is transmitted from the client tothe server to prevent false declaration. This is because the servermeasures the advance in client time using the certification informationarrival time. In addition, it must be guaranteed that the time settingcommand transmitted from the server is input to the clock 201immediately after it has arrived at the client. To guarantee such quickinput, time-out (time setting designation receiving time) is set for theclock 201 of the client.

FIG. 18 shows an arrangement of the time setting client. As shown inFIG. 18, the time setting client is constituted by a networkcommunication section 202, a client certification key storage section203, and an encryption section 204.

FIG. 19 shows an arrangement of the time setting server.

An operation of setting time for the clock 201 of the time settingclient from the time setting server through a network will be describednext with reference to FIGS. 20 to 22 showing flow charts of theoperations of the time setting client and time setting server, FIG. 23showing a block diagram of an arrangement of the clock 201 of the timesetting client, and FIGS. 24 and 25 showing flow charts of the operationof the clock 201.

First, the time setting client sends current client time t1 indicated bythe clock 201 to the time setting server through the networkcommunication section 202 (steps S111 and S112 in FIG. 20). Morespecifically, as shown in FIG. 23, a time readout section 302 reads outthe current client time t1 from a time counter 301 (S161 in FIG. 24) andoutputs the current client time t1 to the network communication section202 shown in FIG. 18 (step S162 in FIG. 24).

The time setting server receives the client time t1 through a networkconnection section 211 (step S131 in FIG. 21) and transfers the clienttime t1 to a time designation section 212 (step S132). The timedesignation section 212 notifies an arrival time period setting section213 of arrival of the time t1 from the client (step S133), adds apredetermined numerical value to the client time t1 to determinecertification information transmission time (client time) t2 (stepS134), and transfers the certification information transmission time t2to the time setting client through the network connection section 211(step S135). The certification information transmission time t2 isstored in a designation time storage section 218 (step S136). Uponreceiving the time arrival notification, the arrival time period settingsection 213 acquires arrival time (server time) T1 of the time t1 fromthe client (step S137), adds a predetermined numerical value to thearrival time T1 to determine certification information arrival time(server time) T2 (step S138), and stores the time T2 in an arrival timeperiod storage section 215 (step S139).

Upon receiving the certification information transmission time t2through the network communication section 202 (step S113 in FIG. 20),the time setting client transfers it to the clock 201 (step S114) andwaits until the client time t2. At the client time t2, the clock 201reads out the certification information and outputs it to the encryptionsection 204. At this time, the certification information may be time“t2” (step S115). More specifically, as shown in FIG. 23, the clock 201receives the certification information transmission time t2 and storesit in a designation time storage section 303 (step S163 in FIG. 24). Atime comparison section 304 reads out the certification informationtransmission time t2 stored in the designation time storage section 303and compares the certification information transmission time t2 with aclient time t indicated by the time counter 301 while occasionallyreferring to the client time t. When the certification informationtransmission time t2 coincides with the client time t, the time readoutsection 302 is designated to read out the client time (steps S164 toS168 in FIG. 24). Upon receiving this designation, the time readoutsection 302 reads out the client time (in this case, the time t2)indicated by the time counter 301 and outputs the readout time to theencryption section 204 shown in FIG. 18 (step S169 in FIG. 24). Theclock 201 of the time setting client adds a predetermined numericalvalue to the time t2 to determine time setting designation receivingtime (client time) t3 and stores the time t3 in a time settingdesignation receiving time storage section 309 (step S170 in FIG. 24).

When an encryption key k′s is transferred from the client certificationkey storage section 203 (step S116), the encryption section 204 of thetime setting client encrypts the time “t2” as certification informationusing the encryption key k′s (step S117) and transfers the encryptedcertification information ([t2] k′s) to the time setting server throughthe network communication section 202 (steps S118 and S119). In the timesetting server, a decoding key k′p corresponding to the encryption keyk′s is held in a server certification key storage section 219.

Upon receiving the encrypted certification information from the timesetting client through the network connection section 211 (step S140),the time setting server transfers the certification information to anarrival time period verification section 216 (step S141). The arrivaltime period verification section 216 extracts the certificationinformation arrival time T2 which has been stored in the arrival timeperiod storage section 215 and reads out, from a clock 214, time T(server time) at which the encrypted certification information isreceived (steps S142 to S144). The certification information receivingtime T is compared with the certification information arrival time T2.If T>T2, it is decided that the delay time is too long, and processingis ended (step S145). If T £ T2, the encrypted certification informationis transferred to a decoder section 217 (step S146 in FIG. 22) anddecoded using the decoding key k′p stored in the server certificationkey storage section 219 (steps S147 and S148). The decoded certificationinformation is transferred to a designation time confirmation section220 (step S149). The certification information transmission time t2which has been stored in the designation time storage section 218 isalso transferred to the designation time confirmation section 220. Bycomparing these times, the clock of the time setting client is certified(steps S150 to S152). In this case, the time “t2” is confirmed. Ifcertification of the clock of the time setting client fails, processingis ended. If certification of the clock of the time setting client issuccessful, the designation time confirmation section 220 transmits atime setting designation to a time setting designation generationsection 221 (step S153). Upon receiving this designation, the timesetting designation generation section 221 reads out the server time atthat time point from the clock 214 and generates a time setting commandcontaining the server time. The time setting command is encrypted usingan encryption key k′t. The clock of the time setting client holds adecoding key k′q corresponding to the encryption key k′t (steps S154 andS155). The encrypted time setting command is transmitted to the timesetting client through the network connection section 211 (steps S156and S157).

Upon receiving the encrypted license server through the networkcommunication section 202, the time setting client inputs the timesetting command to the clock 201 (steps S120 and S121 in FIG. 20).

As shown in FIG. 23, when the encrypted time setting command is receivedby a set time input section 305, the clock 201 notifies a time settingdesignation input time reference section 310 of it (steps S171 and S172in FIG. 24). Upon receiving this notification, the time settingdesignation input time reference section 310 acquires the client time tfrom the time counter 301 and outputs the client time t to a timecomparison section 311 (steps S173 and S174 in FIG. 24). The timecomparison section 311 reads out the time setting designation receivingtime t3 which has been stored in the time setting designation receivingtime storage section 309 and compares the time t3 with the client timet. At this time, the time comparison section 311 may docomparison/decision using allowable delay time At stored in an allowabledelay time storage section 312 in advance (steps S175 to S177 in FIG.24). If t>t3+Δt, it is decided that the delay time is too long, andprocessing is ended (step S178 in FIG. 24). If t £ t3, the timecomparison section 311 notifies the set time input section 305 of a timesetting allowance (steps S178 and S179 in FIG. 24). In response to thisnotification, the clock 201 of the time setting client performs the timesetting operation on the basis of the time setting designation (command)transmitted from the time setting server.

As shown in FIG. 23, upon receiving the time setting allowancenotification, the set time input section 305 of the clock 201 of thetime setting client transfers the encrypted time setting designation toa decoder section 306 (step S180 in FIG. 25). The decoder section 306decodes the encrypted time setting designation using the decoding keyk′q and transfers the decoded time setting designation to a commandverification section 307 (steps S181 and S182 in FIG. 25). The commandverification section 307 confirms the command format of the time settingdesignation. If the command format is correct, the server time in thetime setting designation is transferred to a time setting section 308(step S183 to S185 in FIG. 25). The time setting section 308 sets theclient time indicated by the time counter in accordance with the servertime received from the command verification section 307 (step S186 inFIG. 25).

(2-5) Second Example of Information Reproducing Apparatus (the LicenseCondition Includes an Accounting Object Information ID)

Accounting object information has an accounting object information IDfor identifying the accounting object information. The license conditionincludes at least the expiration date and the accounting objectinformation ID. A case wherein license information which has been storedin the information storage section of an information reproducingapparatus is updated through a network under this condition will bedescribed.

FIG. 26 shows the arrangement of the second information reproducingapparatus and the entire arrangement of a system for updating licenseinformation. The second information reproducing apparatus comprises aninformation storage section 401, a decoder unit 402, a licenseinformation update client section 403, a reproduction section 404, anetwork connection section 405, and an electronic banking section 406.

The information storage section 401 in the information reproducingapparatus is the same as the information storage section 101 in thefirst information reproducing appara thus shown in FIG. 8. Of the unitinformation read out by an information readout section (not shown inFIG. 26), license information is sent to the decoder unit 402.

FIG. 27 shows an arrangement of the decoder unit 402 shown in FIG. 26.The same reference numerals as in FIG. 9 denote the same parts in FIG.27. The arrangement shown in FIG. 27 is different from that shown inFIG. 9 in that an accounting object information ID output section 103 gfor outputting the accounting object information ID included in thelicense condition is added.

The operation of the decoder unit shown in FIG. 27 will be describednext with reference to the flow chart shown in FIG. 28. The licenseinformation is input to the license information input section 103 a ofthe decoder unit 402 and sent to the decoder section 103 b (steps S201and S202). The decoder section 103 b decodes the license informationusing the decoding key kd held in the decoding key holder section 103 cand transfers the decoded license information to the decision section103 d (steps S203 to S205). When clock time is transferred from theclock reference section 103 e (step S206), the decision section 103 dcompares the license condition (expiration date) with the clock time todecide whether the accounting object information can be used (i.e.,whether the decoding key kd(1) is to be output to the reproductionsection 404). If it is decided that the accounting object informationcan be used, the decoding key kd(1) is output to the reproductionsection 404 (steps S206 to S209). The above operation is the same asthat of the decoder unit shown in FIG. 9. On the other hand, if thedecision section 103 d decides that the accounting object informationcannot be used, the accounting object information ID contained in thelicense condition is transferred to the accounting object information IDoutput section 103 g, and simultaneously, notification representing thatthe decoding key kd(1) cannot be output is output to the reproductionsection 404 (steps S210 and S211). The accounting object information IDoutput section 103 g outputs the accounting object information ID to thelicense information update client section 403 (step S212).

The arrangement and operation of the license information update clientsection 403 will be described next mainly with reference to FIGS. 29 and30. The accounting object information ID sent from the decoder unit 402is input to a license information input section 403 a (step S221). Atthis time, license information other than the accounting objectinformation ID may be input to the license information input section 403a. License information containing at least the accounting objectinformation ID is input to the license information input section 403 a.The license information input to the license information input section403 a is output to the network connection section 405 through a licenseinformation transfer section 403 b and then transmitted to a licenseinformation update server 407 shown in FIG. 26 (steps S222 and S223).The license information transfer section 403 b may encrypt the licenseinformation and output it to the network connection section 405.

When an encrypted fee claim (including a field ID) is transmitted fromthe license information update server 407 shown in FIG. 26 incorrespondence with the accounting object information ID, the secondinformation reproducing apparatus receives the encrypted fee claimthrough the network connection section 405 and transfers the fee claimto a fee claiming input section 403 c of the license information updateclient section 403 (step S224). The encrypted fee claim is alsotransferred to a decoder section 403 d (step S225). The decoder section403 d decodes the encrypted fee claim and transfers it to a paymentconfirmation section 403 e (steps S226 and S227). The paymentconfirmation section 403 e displays the contents of the fee claim on,e.g., a predetermined display device and confirms the user's will aboutfee payment for use of the accounting object information (step S228).

If the user designates to pay the fee through a predetermined inputdevice, a payment designation section 403 f is requested to issue apayment designa5 tion (steps S229 and S230). The payment designationgenerated by the payment designation section 403 f is transmitted to aserver 408 of an electronic banking agency through the electronicbanking section 406 and then a predetermined network (step S231).

When account payment is confirmed by the server 408 of the electronicbanking agency, the license information update server 407 is notified ofit. Upon receiving this notification, the license information updateserver 407 generates new license information by postponing theexpiration date, encrypts the new license information, and transmits itto the second information reproducing apparatus. Upon receiving theupdated license information through the network connection section 405of the second information reproducing apparatus, the license informationis input to a license information input section 403 g in the licenseinformation update client section 403 and then transferred to a licenseinformation update section 403 h (steps S232 and S233). The licenseinformation update section 403 h overwrites the received licenseinformation on the license information of the accounting objectinformation, which has already been recorded on the information storagesection 401, thereby updating the license information (step S234).

The arrangement and operation of the license information update server407 will be described next with reference to FIGS. 31 and 32. Thelicense information transmitted from the second information reproducingapparatus in step S223 in FIG. 30 is received by a network connectionsection 407 a in the license information update server 407 andtransferred to a license information update unit 407 b (steps S241 andS242 in FIG. 32). The license information is decoded, as needed, and thedecoded license information is registered in a license informationdatabase 407 c (step S243). At this time, the license informationdatabase 407 c adds a field ID to the license information to manage thelicense information update history. The license information update unit407 b is also notified of this field ID. An accounting databaseretrieval section 407 d searches an accounting database 407 e on thebasis of the accounting object information ID contained in the licenseinformation to generate a fee claim (steps S244 to S246).

As the contents of the fee claim, the accounting object information ID,the fee to be paid for use of the accounting object information (feecorresponding to the expiration date), a fee payment destination, andthe like are described, as shown in FIG. 33.

The generated fee claim is transferred to an encryption section 407 ftogether with the field ID, encrypted, transferred to the networkconnection section 407 a, and then transmitted to the second informationreproducing apparatus through the network (steps S247 to S250). Theencrypted fee claim and field ID are received by the second informationreproducing apparatus and subjected to processing from step S224 in FIG.30.

In the second information reproducing apparatus, payment for use of theaccounting object information is performed by issuing a paymentdesignation in step S231 in FIG. 30. When the fee claim presented forthe user has contents as shown in FIG. 33, the contents of the paymentdesignation are described as, e.g., “10 yen/week for “ABCD” to abc,reference number: field ID”, and payment is performed through theelectronic banking section 406. The reference number is the field IDadded to the license information. The server 408 of the electronicbanking agency which has received the payment designation performspayment processing and then sends a payment confirmation to the licenseinformation update server 407 together with a specification “10 yen/weekfor “ABCD” from A to abc, reference number: field ID”. In this case, Ais the user ID.

When the license information update server 407 receives the paymentconfirmation through a network connection section 407 g, the licenseinformation update unit 407 b searches the license information database407 c for license information to be updated, on the basis of thereference number, i.e., the field ID (steps S251 to S253). The licenseinformation update unit 407 b updates the license condition in thelicense information with reference to the payment confirmation, encryptsthe license information (step S254), and transmits the encrypted licenseinformation to the second information reproducing apparatus through thenetwork connection section 407 a (steps S255 and S256).

The fee claim to be transmitted from the license information updateserver to the second information reproducing apparatus is encrypted dueto the following reason. The communication path used to transmit the feeclaim is a public line such as the Internet, and generally, securitytherefor is not guaranteed. For this reason, the fee claim may bechanged, and the user may pay the fee for a wrong destination. The feeclaim is encrypted to prevent this.

FIG. 34 is a flow chart for explaining the operation of the entiresystem including the second information reproducing apparatus shown inFIG. 26. The reference numerals (steps S261 to S286) in FIG. 34correspond to those in FIG. 26, and a detailed description thereof willbe omitted.

(3) License Information Update Unit

A license information update unit will be described next. The licenseinformation update unit mainly updates the license condition in licenseinformation. For example, the license information update unit can beused as an independent unit to update license information recorded onthe information storage section by the first information recordingapparatus together with accounting object information. To update thelicense information, the license information update unit must cancel(decode) encryption of the license information, input a desired licensecondition which has been newly input, confirm whether payment for thelicense condition has been done, and then, encrypt the licenseinformation, and output it as updated license information.

FIG. 35 shows an arrangement of the license information update unit. Thearrangement and operation of the license information update unit shownin FIG. 35 will be described below with reference to the flow chartsshown in FIGS. 36 and 37.

In license information update processing, first, license information isinput to a license information input section 501, and a desired licensecondition is input to a desired license condition input section 506(step S301 in FIG. 36 and step S308 in FIG. 37). In this case, thelicense information is constituted by the license condition and thedecoding key kd(1) of the encrypted accounting object information, whichhave been described with reference to the first information recordingapparatus. The desired license condition means the license condition ofa user's choice and is input from the user side through an appropriateinterface.

The license information input to the license information input section501 is decoded by a license information decoder section 502 using thedecoding key held in a decoding key holder section 503 (step S302 inFIG. 36) to separate the license condition and the accountinginformation decoding key from each other such that the licenseinformation (especially the license condition) can be updated, andsimultaneously, information necessary for charging, such as anaccounting object information ID, is sent to a fee claiming outputsection 507 (step S303 in FIG. 36 and step S310 in FIG. 37). The licenseinformation which can be updated is rewritten by a license informationupdate section 505 to the license condition input by the desired licensecondition input section 506 (step S304 in FIG. 36). To charge for thedesired license condition, the desired license condition input section506 outputs the desired license condition to the fee claiming outputsection 507 to prompt to charge for the input desired license condition.The fee claiming output section 507 outputs, outside the apparatus, thedesired license condition input from the desired license condition inputsection 506 and the information necessary for accounting, such as theaccounting object information ID, input from the license informationdecoder section 502 on the basis of a predetermined protocol (step S310in FIG. 37). In response to this output, the external apparatus startsthe accounting procedure. The fee claiming information to be output isdetermined by the usage environment of the information distributionsystem (i.e., the information distribution system constituted by theinformation recording apparatus and the information reproducingapparatus of the present invention) for protection by copyright andaccounting, which incorporates the license information update unit. Ifthe copyright holder of the accounting object information has beenspecified, the accounting object information ID need not be output. Ifthe license condition has been set for all accounting object informationin advance, the desired license condition input section 506 can beomitted, and the license condition need not be output from the feeclaiming output section 507. As described above, the license informationupdate unit of this embodiment takes some self-explanatory variationsdepending on its usage environment.

Upon completing fee payment for the fee claiming information, a paymentconfirmation signal is sent from the external apparatus to a paymentconfirmation section 508. When this signal is sent, the updated licenseinformation input from the license information update section 505 issent to an updated license information encryption section 509 so thelicense information is encrypted using a predetermined encryption keyheld in an encryption key holder section 510 (steps S305 and S306 inFIG. 36). At this time, the updated license information is not sent tothe updated license information encryption section 509 unless the signalis received. With this function, the license information update unit ofthis embodiment prevents the updated license information from beingoutput when payment has not been performed yet.

The updated license information encrypted by the updated licenseinformation encryption section 509 is sent to an updated licenseinformation output section 511 and output to the external apparatus(step S307). In this case, the accounting object information ID meansthe ID of the accounting object information, which represents thecopyright holder of the information and is necessary for specifying tothe accounting amount or the accounting target.

The license information update unit shown in FIG. 35 can be applied notonly to update the license information recorded on a recording medium orthe like by the above-mentioned first information recording apparatusbut also to update license information recorded on a recording medium orthe like by the second or third information recording apparatus as amodification of the first information recording apparatus.

The license information update unit shown in FIG. 35 can be used as anindependent unit, combined with the information reproducing apparatus ofthe present invention, or incorporated in the information reproducingapparatus. Alternatively, the license information update unit can beused as the license information update unit 407 b in the licenseinformation update server shown in FIG. 31.

(4) Accounting Apparatus for Protection by Copyright

FIG. 38 shows an arrangement of the main part of an accounting apparatusfor performing accounting for protection by copyright on the basis oflicense information recorded on a recording medium or the like by theabove-described information recording apparatus.

Referring to FIG. 38, license information is loaded from a recordingmedium 615 such as a magnetic disk, a DVD, or a CD by a licenseinformation loading section 601. Simultaneously, a desired licensecondition is input from a desired license condition input section 602through an input medium 616 such as a keyboard or a mouse. The licenseinformation and the desired license condition are input to a licenseinformation update unit 603 and subjected to the same licenseinformation update processing as in the above-described licenseinformation update unit so that accounting information as a fee claim issent to an accounting information retrieval section 604. The accountinginformation is necessary for specifying the desired license conditionand accounting target. The accounting information retrieval section 604searches an accounting information database 609 for accounting amountinformation on the basis of the accounting information. If theaccounting amount has been determined in advance, the desired licensecondition need not be output from the license information update unit603, and the accounting amount itself can be output. In this case,accounting information retrieval need not be performed. If the copyrightholder of the accounting object information has been specified, theaccounting information such as an accounting object information ID neednot be output from the license information update unit 603. In thiscase, an accounting history administration section 608 need toadminister only the accounting amount information and not the accountingobject information ID. As described above, the accounting information tobe output from the license information update unit 603 takesself-explanatory variations depending on the situation of application ofthe accounting apparatus.

The accounting information and accounting amount information are sent toan accounting amount information output section 605, so the accountingamount is presented to the user. When the user pays the presentedaccount by some method, a payment decision section 606 confirms thepayment and sends a signal confirming the payment to the paymentconfirmation section 508 in the license information update unit. If theuser is to pay the fee in cash, a note/coin insertion section and adecision section are arranged, and a signal is sent to the paymentdecision section 606 in accordance with decision by the decisionsection. The payment is done by various methods using an electronicmoney, a credit card, or a prepaid card, so the decision is also made byvarious methods.

If the payment decision section 606 decides that payment is complete,the payment decision section 606 sends the accounting information to theaccounting history administration section 608 such that the accountinginformation is stored and administered.

It is assumed that the accounting apparatus of this embodiment is notconnected to an external apparatus through a network or the like, sobanking is not complete at that point. For this reason, in thisembodiment, the method of distributing such payment must beadministered, so the accounting history administration section 608 isrequired. The history information stored in the accounting historyadministration section 608 is periodically read by a predeterminedadministrator, so the banking is performed by an appropriate section.

Finally, the license information update unit 603 which has received thesignal representing completion of payment from the payment decisionsection 606 outputs the updated license information to an updatedlicense information write-in section 607 through the same procedure asthat in the above-described license information update unit. Thewrite-in section 607 writes the updated license information at anappropriate portion of the input recording medium 615.

When the accounting apparatus of this embodiment is combined with theinformation reproducing apparatus of the present invention, a vendingmachine for information with a copyright, which has a so-called licenseinformation update function, can be realized. As a characteristicfeature, the characteristic function of the present invention isrealized in one machine. With this arrangement, when accounting objectinformation with a copyright is to be rented or sold, and it is assumedthat the (encrypted) accounting object information has already beeninput to a portable recording medium such as a DVD or CD, appropriateaccounting processing can be performed by inserting the recording mediumin the accounting apparatus of this embodiment, so anyone is allowedanytime to conveniently buy the license for the contents.

(4-1) License Information Update Unit Taking Measure for PreventingIllicit Copy of Accounting Object Information and Decoder Unit inInformation Reproducing Apparatus Corresponding to the LicenseInformation Update Unit

As can be easily understood, when permanent use of accounting objectinformation with a copyright or a very late expiration date ispermitted, the storage medium itself may be copied. If copies aredistributed in a large volume, the copyright cannot be protected. Tosolve this problem, when permanent use or a long-term expiration date isto be permitted as a license condition, the decoder unit and licenseinformation update unit of this embodiment exclusively allow oneincorporated decoder unit to reproduce the accounting objectinformation. In the following description, a “definite license” or“permanent license” includes permission of permanent use or a long-termexpiration date (this also applies to a description of (4-2) and thelike). With this arrangement, even when a different decoder unit isused, the use is refused. Copies of information yield no benefit, andaccordingly, the copyright is protected. In this case, however, thepermanent license of accounting object information cannot be purchasedwithout knowing the decoder unit ID (ID which specifies a decoder unit).For this reason, as the characteristic feature of the licenseinformation update unit of this embodiment, the decoder unit ID is addedto the license condition at the first use of permanent license purchasecontents. The decoder unit ID is identification information foridentifying a decoder unit and can be, e.g., the manufacturing number ofthe decoder unit.

FIG. 39 shows an arrangement of the decoder unit of this embodiment. Thearrangement and operation of a decoder unit 701 will be described belowwith reference to the flow chart shown in FIG. 40.

When license information is input from a license information inputsection 711 (step S401), the license information is sent to a decodersection 712. The decoder section decodes the license information using adecoding key held in a decoding key holder section 713 (step S402). Thedecoded license information is sent to a license condition changenecessitating decision section 714 (step S403). When the expiration datein the license condition is indefinite, the decision section 714 decideswhether the expiration date is limited to a specific decoder unit ID. Ifthe expiration date is not limited to a specific decoder unit ID, thedecision section 714 decides that the license condition need be changedand causes a license information update unit 702 to update the licensecondition. More specifically, the decision section 714 receives thedecoded license information, loads the license condition from thelicense information, and decides whether the expiration date isindefinite (step S404). If YES in step S404, it is decided whether thelicense condition is limited to a decoder unit ID (step S405). If YES instep S405, the license condition is sent to a decision section 715. Thedecision section 715 sends a designation for presenting the decoder unitID to a decoder unit ID reference section 716 (step S406). The decoderunit ID presented by the reference section 716 is compared with thedecoder unit ID described in the license condition (step S407). If thedecoder unit IDs agree with each other, the decoding key kd(1) of theencrypted accounting object information (contents) is output, andprocessing is ended (step S408). If the decoder unit IDs do not agreewith each other, e.g., a NULL code (the NULL code is normally set at“0”) is output to indicate that decoding is disabled, and processing isended (step S409). If the expiration date is indefinite, and no decoderunit ID is described in the license condition, the license conditionchange necessitating decision section 714 decides that the decoder unitID need be described in the license condition, acquires the decoder unitID from the decoder unit ID reference section 716, and sends theacquired decoder unit ID and the encrypted license information to thelicense information update unit 702 (step S410).

If the license condition is not indefinite (NO in step S404), thelicense condition is sent to the decision section 715. The decisionsection 715 receives the current time from a clock reference section 717(step S411) and decides on the basis of the time whether the accountingobject information can be used. If use of the accounting objectinformation is enabled, the decoding key kd(1) of the encryptedaccounting object information (contents) is output, and processing isended (steps S412 and S413); otherwise, the NULL code is output, asdescribed above, and processing is ended (step S414).

FIG. 41 shows an arrangement of the license information update unit 702.The arrangement and operation of the license information update unit 702shown in FIG. 41 will be described below with reference to the flowchart shown in FIG. 42.

The license information update unit 702 sends license information inputto a license information input section 721 to a license informationdecoder section 723. The license information decoder section 723 decodesthe information on the basis of the decoding key from a decoding keyholder section 724 (steps S421 and S422). The decoded licenseinformation is sent to a license information update section 725 toextract the license condition (step S423). On the other hand, thedecoder unit ID input to a decoder unit ID input section 722 is sent tothe license information update section 725 (step S424). The licenseinformation update section 725 adds a limitation of the decoder unit IDto the extracted license condition, thereby updating the licensecondition (step S425). New license information is generated on the basisof the updated license condition and sent to an updated licenseinformation encryption section 726. The updated license informationencryption section 726 encrypts the updated license information on thebasis of the encryption key presented by an encryption key holdersection 727 (step S426) and then sends the license information to anupdated license information output section 728, so the licenseinformation is sent outside the license information update unit 702(step S427).

The license information update unit 702 and the decoder unit 701 may beintegrated into one unit and replaced with, e.g., the licenseinformation update unit 603 in the information distribution system shownin FIG. 38.

(4-2) Another Example of Decoder Unit Taking Measure for PreventingIllicit Copy of Accounting Object Information

As described above in (4-1), when permanent license or a long-termexpiration date (these two cases will be included in the category ofpermanent license hereinafter) is permitted, the accounting objectinformation may be copied, and protection by copyright cannot beensured. This problem is substantially solved by using the licenseinformation update unit described in (4-1) and the decoder unitcorresponding to the license information update unit. That is, use ofaccounting object information for which permanent license is permittedis limited to one decoder unit ID. As a problem in this case, thedecoder unit ID of the purchaser may be unknown in purchasing thepermanent license. In the second decoder unit to be described below,when accounting object information with permanent license is used forthe first time, the decoder unit ID to be used is written in the portionwhere the permanent license is described to prevent use of other decoderunit IDs.

In this scheme, however, the accounting object information may be copiedbefore the first use. If an enormous volume of the copied accountingobject information with the permanent license is distributed, thecopyright cannot be protected. For this reason, in the second decoderunit, a media ID is added to the permanent license and referred tobefore use. The media ID means the manufacturing number of a DVD or CD.It is generally assumed that the media ID is written in a ROM area toprevent the ID from being changed. Since this license condition islimited to a specific media ID, a copy on another medium cannot be usedbecause the media ID on the copy side does not match the original mediaID.

FIG. 43 shows an arrangement of the second decoder unit. The arrangementand operation of the second decoder unit shown in FIG. 43 will bedescribed below with reference to the flow chart shown in FIG. 44.

License information is input to a license information input section 741and sent to a decoder section 742 (step S431). The decoder section 742decodes the license information using a decoding key held in a decodingkey holder section 743 to separate the license condition from theremaining information (step S432). The separated license condition issent to a license condition change necessitating decision section 744 todecide whether the limitation of the decoder unit ID is to be added tothe license condition. More specifically, as described in (4-1), if theexpiration date is indefinite, and the decoder unit ID is not limited toa specific decoder unit, the limitation of the decoder unit ID must beadded to the license condition. Only in such a case, it is decided thatthe license condition need be changed. The decoder unit ID is acquiredfrom a decoder unit ID reference section 746 and sent to a licenseinformation update unit 732 together with the extracted licenseinformation (steps S434, S435, and S447). Otherwise, the licensecondition information is sent to a decision section 745 to decide thelicense condition.

The decision section 745 performs the following processing to decidewhether the license condition is valid. If the license conditioncontains an indefinite expiration date, and the decoder unit ID islimited to a specific decoder unit, it is decided whether the licensecondition contains a limitation of the media ID. If the licensecondition contains the limitation of the media ID, the media ID of themedium having the accounting object information, which is held in amedia ID holder section 748, is referred to and compared with the mediaID as the limitation in the license condition. If both the media IDscoincide with each other, the decoding key kd(1) is output, andprocessing is ended (steps S434 to S440). If the media IDs do notcoincide with each other, a signal representing that the use is refused,e.g., a NULL code is output, and processing is ended (step S441). If thelimitation of the media ID is absent (NO in step S438), the decoding keykd(1) is output, and processing is ended (step S442). The media ID to bereferred to at this time is input from a media ID input section 747 andheld in the media ID holder section 748.

If the license condition has a definite expiration date (NO in stepS434), the current time is referred to through a clock reference section749 (step S444) to decide whether the time is within the period (stepS445). If NO in step S445, a signal representing that the use isrefused, e.g., a NULL code is output, and processing is ended (stepS446). If YES in step S445, the flow advances to step S438 to decidewhether the license condition contains the limitation of the media ID.The validity of the license condition is decided using the samealgorithm as in case wherein the expiration date is indefinite, anappropriate signal is output in accordance with the decision result, andprocessing is ended.

It seems that when the expiration date is definite, the limitation ofthe media ID need not be added to the license condition because of thegist of the media ID. However, the definite period may be long. In thiscase, the copyright cannot be sufficiently protected in that period.Even before the expiration date, certain accounting object informationis disadvantageous if it is copied without any limitation. In this caseas well, the second decoder unit can be effectively used.

This also applies to the decoder unit ID. Even when the expiration dateis definite, the limitation of the decoder unit ID in the licensecondition is effective and can be realized as in the limitation of themedia ID. This also applies to the above-described (4-1).

(5) Copy Apparatus

FIG. 45 shows an arrangement of a copy apparatus for copying informationrecorded on a recording medium or the like by, e.g., the firstinformation recording apparatus shown in FIG. 1. The arrangement andoperation of the copy apparatus shown in FIG. 45 will be described belowwith reference to the flow chart shown in FIG. 46.

The basic concept of copy is to default the license condition in copyinginformation. More specifically, the license information of accountingobject information recorded on a certain medium (medium 801 in FIG. 45)may include an effective license condition. However, the copy apparatusshown in FIG. 45 erases the license condition and records the accountingobject information on another medium (medium 802 in FIG. 45).

First, the unit information (e.g., encrypted accounting objectinformation and license information thereof) recorded on the medium 801as the copy source is read by a readout section 803 (step S501), andonly the license information is transferred to a license informationcopy unit 804 (step S502). A readout section 807 reads the media ID ofthe medium 802 as the copy destination and transfers the media ID to thelicense information copy unit 804 (steps S503 and S504). The licenseinformation copy unit 804 defaults the license information read from themedium 801 as the copy source and writes the media ID of the medium 802as the copy destination in the license condition, thereby updating thelicense information (step S505). The updated license information isoutput to a write-in section 806 (step S506).

The license information copy unit 804 has an arrangement as shown in,e.g., FIG. 47. The arrangement and operation of the license informationcopy unit 804 will be described below with reference to the flow chartshown in FIG. 48.

The license information is input to a license information input section811 of the license information copy unit 804 (step S511 in FIG. 48),transferred to a decoder section 812 (step S512), and decoded by thedecoder section 812 (step S513). The decoded license information istransferred to a license information update section 813 (step S514). Themedia ID of the medium 802 as the copy destination is input to a mediaID input section 814 (step S515) and transferred to the licenseinformation update section 813 (step S516). The license informationupdate section 813 defaults the license condition of the licenseinformation read from the medium 801 as the copy source and writes themedia ID of the medium 802 as the copy destination in the licensecondition, thereby updating the license information (steps S517 andS518). The updated license information is transferred to a licenseinformation output section 815 (step S519) and output to the write-insection 806 shown in FIG. 45 (step S520).

Referring back to FIG. 45, the write-in section 806 writes the updatedlicense information in the medium 802 as the copy destination andsimultaneously writes the accounting object information transferred fromthe readout section 803 in the medium 802, and processing is ended(steps S507 to S509 in FIG. 46).

As described above, in the copy apparatus shown in FIG. 45, since thelicense condition of the license information read from the medium 801 asthe copy source by the license information copy unit 804 is erased, thelicense information has no valid license condition although theaccounting object information recorded on the medium 802 as the copydestination is the same as that on the medium 801. Therefore, even whenthe information recorded on the medium 802 is to be reproduced by aninformation reproducing apparatus having a decoder unit as shown in FIG.43, use of the information is refused. More specifically, only a decoderunit having a decoding key can decode the license information. To decodethe encrypted accounting object information, a decoding keycorresponding to the accounting object information included in thelicense information is required, so the accounting object informationcannot be used in this state. To use the accounting object informationcopied in the medium 802, a valid license condition must be added to thelicense information by some proper accounting procedure.

Defaulting the license condition is not limited to erase of theeffective license condition. For example, a license condition whichenables use of the copy until only one day after copying may bedescribed. For example, assuming that the current time is “13:00, April16”, a license condition with an expiration date at “23:59, April 17”isdescribed.

The copy apparatus in FIG. 45 defaults the license condition andsimultaneously writes the media ID of the medium 802 as the copydestination. The media ID is a character string for specifying themedium having the accounting object information, such as a manufacturingnumber described in the ROM area of, e.g., a DVD-RAM. Alternatively, themedia ID may be the manufacturing number of the hard disk device.

In this embodiment, the media ID is contained in the licenseinformation. The decoder unit which is to use the media ID confirms themedia ID in decoding the license information. If the media ID of theDVD-RAM having the information to be reproduced does not agree with thatcontained in the license information, the decoding key for decoding theaccounting object information is not output, as described above. Thisoperation of the decoder unit makes the accounting object informationitself designate the “medium”.

The accounting object information whose license information contains themedia ID can be copied only by a proper copy apparatus (i.e., anapparatus having a decoding key) as described in this embodiment. Toreproduce the accounting object information in the medium 802 as thecopy destination using an information reproducing apparatus having adecoder unit which confirms the media ID, the media ID of the medium 802must be buried in the license condition of the license information. Thecopy apparatus shown in FIG. 45 performs processing therefor.

(6) Third Example of Information Reproducing Apparatus: InformationReproducing Apparatus Using Decoder Unit to Watch Subsidiary Information(Warning Associated with Advertisement or Use of Copyright)

FIG. 49 shows an arrangement of the third information reproducingapparatus. To ensure proper watching of subsidiary information containedin information recorded on a recording medium or the like by theinformation recording apparatus of the present invention, watchingconfirmation data is inserted into the subsidiary information. Forexample, watching confirmation data is inserted into subsidiaryinformation at two or more positions. An example of subsidiaryinformation will be shown.

“In 0Th0 beginning did exist Logs. 0is0 Logos 00with the God. Lo0isgoswas 0th0 God. In the beginning he was 0ec0 with the God. All0erti0 wascreated by him0fi0. Of things0cat0 created, nothing0ta. 0was00 not0da0created by 0 ion0 him.”

A watching confirmation data extraction section 903 shown in FIG. 49sends input subsidiary information to a reproduction section 905 toreproduce the subsidiary information. At the same time, the watchingconfirmation data extraction section 903 sequentially checks thesubsidiary information and extracts characters sandwiched by two “0”s.If nothing is inserted between two “0”s, the extracted character stringis stored. In the above example, a character string “this is thecertification data.” is extracted as watching confirmation data andstored in a predetermined memory incorporated in the watchingconfirmation data extraction section 903. It is important to insert thewatching confirmation data into the subsidiary information at two ormore positions. When the watching confirmation data is inserted into thesubsidiary information, the watching confirmation data cannot bereproduced unless the entire subsidiary information is reproduced.Therefore, watching can be confirmed upon reproducing the watchingconfirmation data.

The arrangement and operation of the third information reproducingapparatus shown in FIG. 49 will be described below with reference to theflow chart shown in FIG. 50.

An information storage section 901 has the same arrangement as that ofthe information storage section 101 in the first information reproducingapparatus shown in FIG. 8. The unit information read from theinformation storage section 901 by an information readout section 902contains encrypted accounting object information, license information,and subsidiary information. Of these pieces of information, theencrypted accounting object information is transferred to thereproduction section 905 (step S601), and the subsidiary information istransferred to the watching confirmation data extraction section 903(step S602). The watching confirmation data extraction section 903 scansthe subsidiary information to extract watching confirmation data (stepS603). The readout section 902 transfers the license information to adecoder unit 904 (step S604).

The license condition of the license information contains watchingconfirmation data as a reproduction condition for the accounting objectinformation. The decoder unit 904 reads out the watching confirmationdata which has been confirmed by the watching confirmation dataextraction section 903 and collates the two watching confirmation data(steps S605 and S606). If the watching confirmation data agree with eachother, processing is continued (step S607). More specifically, after thelicense condition such as the expiration date is confirmed, the key fordecoding the accounting object information is output to the reproductionsection 905 to reproduce the accounting object information (steps S608to S611).

FIG. 51 shows an arrangement of the decoder unit 904. The arrangementand operation of the decoder unit 904 will be described below withreference to the flow chart shown in FIG. 52.

The license information transferred to the decoder unit 904 is input toa license information input section 904 a (step S621) and transferred toa decoder section 904 b (step S622). The decoder section 904 b decodesthe license information using the decoding key kd held in a decoding keyholder section 904 c and transfers the license information to a watchingconfirmation section 904 d (steps S623 to S625). The watchingconfirmation data sent from the watching confirmation data extractionsection 903 is input to a watching confirmation data input section 904 eand transferred to the watching confirmation section 904 d (step S626).The watching confirmation section 904 d collates the watchingconfirmation data as the accounting object information reproductioncondition contained in the license condition of the license informationwith the watching confirmation data sent from the watching confirmationdata extraction section 903 (step S627). If the two watchingconfirmation data match, the license information is sent to a decisionsection 904 f (steps S628 and S629). The decision section 904 f decideson the basis of the license condition in the license information whetherthe accounting object information can be used (i.e., whether thedecoding key kd(1) is to be output to the reproduction section 905), andin accordance with the decision result, outputs the decoding key to thereproduction section 905 (steps S630 to S632).

In the above-described information recording apparatus of the presentinvention, one accounting object information is recorded on a recordingmedium or the like in correspondence with one license information.However, one accounting object information may be recorded on arecording medium or the like in correspondence with a plurality ofpieces of license information.

In the information reproducing apparatus of the present invention, whenit is decided whether accounting object information can be used, thelicense condition contained in one license information corresponding tothe accounting object information is referred to. However, the presentinvention is not limited to this. When a plurality of pieces of licenseinformation are recorded on the recording medium in correspondence withone accounting object information, license conditions contained in allthe license information may be sequentially referred to to determinewhether the accounting object information can be used. That is, if oneof license conditions contained in the plurality of pieces of licenseinformation is satisfied, it is decided that the accounting objectinformation can be used.

In the information reproducing apparatus and accounting apparatus of thepresent invention, when license information is to be updated, thelicense information which has already been recorded on a recordingmedium is rewritten. However, license information may be additionallyrecorded on the recording medium. Therefore, in the description ofupdating the license information recorded on the recording medium in theabove embodiment, “update” means not only “overwrite recording” but also“additional recording”.

In addition, the number of decoder unit IDs or media IDs contained inthe license condition is not always one.

(Second Embodiment)

(1) Decoder Unit A

FIG. 54 shows an arrangement of a decoding decision device, i.e., adecoder unit A according to the second embodiment.

The decoder unit A checks on the basis of license information belongingto chargeable data as digital contents whether the use of the contentsis enabled (i.e., whether the license for the use of the contentsinformation based on the license condition defined by contract isvalid). If the license condition is valid, a contents decoding keyrequired to use the contents information is output to an informationusage device such as a video reproducing device for reproducing thecontents information or the like.

In this case, the contents information is encrypted in advance. Thedecoding key (to be referred to as a contents decoding key hereinafter)is added to the license information together with the contents licensecondition such as an expiration date or contents informationidentification information (ID). All the license information isencrypted and provided to the subscriber together with the encryptedcontents information (for example, the license information isdistributed through a recording medium storing the license informationor broadcast distribution).

The license information is decoded using a secret key present in thedecoder unit A. FIG. 55 shows an example of license information. Asshown in FIG. 55, the license information contains at least the contentsdecoding key, the contents license condition such as the expiration datefor the contents information, and the ID of the contents information.

If the secret key for decoding the license information is common to alldecoder units, it is convenient for the operation, though leakage of thesecret key allows to read all contents decoding keys contained inlicense information to be decoded using this decoder unit in principle.This is a serious problem for the decoder unit A with a purpose ofprotecting the license, and the present invention has as its object tosolve this problem.

To solve this problem, the decoder unit A of this embodiment generates asecret key for decoding license information and uses the secret key onlyin a predetermined period.

The operations of the various portions of the decoder unit A shown inFIG. 54 will be described next with reference to the flow chart shown inFIG. 57.

Encrypted license information is input to the decoder unit A through alicense information input section 2001 (step S1001), decoded by adecoder section 2002 (step S1002), and sent to a decision section 2003to check the license condition, thereby deciding whether the license isvalid (steps S1003 and S1004). Decision whether the license is valid ismade by deciding whether the license condition is satisfied, i.e.,whether the license for the contents has not expired.

If the decision section 2003 decides that the license is valid (thecontents can be used), the contents decoding key contained in thelicense information is output to an information usage device (e.g., aset top box) 2020 (step S1005).

If it is decided that the license is invalid (the contents cannot beused), the license information is sent to an updated informationgeneration section 2004 to arrange information necessary for updatingthe license (i.e., updating the license information) and generateupdated information for updating the license information. The updatedinformation is output to a license information update device 2008through a predetermined communication line (e.g., a leased line or theInternet) (steps S1006 to S1010).

The updated information generation section 2004 generates updatedinformation (FIG. 56) containing at least the ID of the contents and apublic key of the decoder unit A, which is generated by a key generationsection 2006, on the basis of the desired license condition of a user'schoice (later expiration date) input through a license condition inputsection 2009 and the license information sent from the decision section2003.

As described above, the decoder unit A has the key generation section2006 for generating a secret key for decoding encrypted licenseinformation. The key generation section 2006 generates a key forencrypting/decoding license information. As a key generation method, akey generation algorithm for a public key cipher may be used. For an RSAcipher, a random number and prime number decision algorithm is used togenerate two prime numbers p and q each having an appropriate length(e.g., about 512 bits).

Even in a random number algorithm common to all decoder units A, whenthe seed of a random number is set in units of, e.g., microseconds, thesame prime number is less likely to be generated.

Next, N is obtained from N=p·q. At the same time, M=(p−1)(q−1) iscalculated, and integers e and d for satisfying

ed≡1(mod M)

are obtained (0<e, and d<M). The integers e and d can be relativelyeasily obtained by obtaining d first and then obtaining e correspondingto d using an Euclidean algorithm. One (e.g., e) of the integers is usedas a secret key, and the other (e.g., d) as a public key. A public keycipher is realized on the basis of the known RSA cipher algorithm usingthese keys.

These keys are unique to the decoder unit A. Even when the keys are readout from the decoder unit by some device, the keys cannot be used inother units. When a key holder section 2005 sets the expiration date forthe keys, the keys cannot be used even in the same unit after apredetermined period. The key generation section 2006 is driven by thekey holder section 2005.

The key holder section 2005 sends a key generation instruction to thekey generation section 2006 at a predetermined timing. This timing isgenerally set on the basis of time referred to by, e.g., a clockreference section 2007 in FIG. 54.

FIG. 58 is a flow chart for explaining the procedure of key generationprocessing by the key holder section 2005 and the key generation section2006. The key holder section 2005 refers to the time through the clockreference section 2007 at a predetermined timing (step S1021). If it ispredetermined key update time, a key generation instruction is sent tothe key generation section 2006. The key generation section 2006generates the above-described public key and secret key (steps S1022 andS1023). If the current time is not the key update time, processing waitsfor a predetermined period (step S1025). The public key and secret keygenerated by the key generation section 2006 are held in the key holdersection 2005 (step S1024).

As described above, once keys are generated as the initializationoperation for the first use of the decoder unit A, different decoderunits A can effectively obtain different keys without generating keys bythe key generation section 2006 many times. Alternatively, differentkeys may be set in the key holder section 2005 in shipment from thefactory, as a matter of course. In this case, the key generation section2006 can be omitted.

As the characteristic feature of the decoder unit A of the presentinvention, to update the license information, the public key held in thekey holder section 2005 must be transmitted to the license informationupdate device 2008 together with other information necessary forupdating the license information (the public key is used to encrypt theupdated license information generated by the license information updatedevice 2008). This procedure is performed by the updated informationgeneration section 2004.

The updated information generation section 2004 is started when thedecision section 2003 decides on the basis of the license informationthat the contents cannot be used, so that the updated informationgeneration section 2004 starts the license condition input section 2009and prompts the user to input a desired license condition (e.g., a laterexpiration date). Simultaneously, the updated information generationsection 2004 prompts the key holder section 2005 to output the publickey, describes the obtained public key and desired license condition ina predetermined format together with information necessary foraccounting, e.g., a contents ID sent from the decision section 2003, andsends them to the license information update device 2008 as updatedinformation (FIG. 56) for updating the license information.

The clock reference section 2007 which refers to an internal clock 201(external clock, as needed) is used to set the key generation timing ofthe key holder section 2005 or check the expiration date in the licensecondition.

(2) Decoder Unit B

FIG. 59 shows an arrangement of another decoding decision device, i.e.,a decoder unit B. The decoder unit B can prevent a contents decoding keyfrom existing in the decoder unit (even temporarily) as unencrypteddata.

If analysis of the unit reveals that a contents decoding key is presentin the unit as unencrypted data, the contents decoding key may be read.If the contents decoding key can be constantly read, any contentsdecoding key can be acquired using this method (without knowing thesecret key of the decoder unit), resulting in a serious problem insecurity of license protection. This problem cannot be solved by theabove-described decoder unit A which generates a new secret key at apredetermined period and replaces it with an old key, because of itsnature.

In the decoder unit B, the contents decoding key is kept encrypted, sothe encrypted contents decoding key cannot be decoded using onlyinformation in the decoder unit.

The operations of various portions of the decoder unit B shown in FIG.59 will be described with reference to the flow chart shown in FIG. 61.

Encrypted license information is input to the decoder unit B through thelicense information input section 2001 and decoded by the decodersection 2002 using a secret key held in the decoder unit B in advance(steps S1031 and S1032).

FIG. 60 shows an example of license information to be input to thedecoder unit B. As shown in FIG. 60, the license information contains atleast a contents ID, the license condition for the contents, anencrypted contents decoding key [kc] K_(AB), and common key generationinformation ka for decoding the encrypted contents decoding key. Thecontents decoding key kc is encrypted using the common key K_(AB).

The license information decoded by the decoder section 2002 is sent tothe decision section 2003 to decide the license condition (step S1033).If the license condition is satisfied, the encrypted contents decodingkey [kc] K_(AB) and the common key generation information ka are sent tothe information usage device 2020 (steps S1034 and S1035).

If the decision section 2003 decides that the contents cannot be used, acontents ID and the like necessary for updating the license are sent tothe updated information generation section 2004 (steps S1034 and S1036).

The updated information generation section 2004 prompts, through acommon key generation information extracting section 2031, theinformation usage device 2020 which uses the contents to output commonkey generation information kb necessary for encrypting the contentsdecoding key in the license information update device 2008.

The pieces of common key generation information ka and kb for encryptingthe contents decoding key will be described. For a public key cipher(e.g., an ellipse curve cipher) with security based on the discretelogarithmic problem, the following common key generation protocol can beconsidered. An element x common to the information usage device 2020 andthe license information update device 2008 is defined in advance. Inaddition, an integer b (defined at the time of, e.g., shipment) and anelement X^(b) calculated from x and b are obtained and stored in theinformation usage device 2020 in advance. If license update isrequested, x^(b) is sent to the decoder unit B as the common keygeneration information kb.

The decoder unit B generates updated information (FIG. 62) containingnot only the desired license condition input by the user from thelicense condition input section 2009 but also the common key generationinformation kb and contents ID and send the updated information to thelicense information update device 2008.

(kb)^(a) =x ^(ab)

is calculated by the license information update device 2008 incorrespondence with the common key generation information kb=x^(b) fromthe decoder unit B using an integer a defined by itself using a randomnumber or the like, and set as the common key K_(AB) for the informationusage device 2020 for decoding the contents decoding key.

The license information update device 2008 adds the common keygeneration information ka generated by the license information updatedevice 2008 itself, i.e., x^(a) to the updated license information, asshown in FIG. 60. This updated license information is sent to theinformation usage device 2020 through the decoder section 2002 and thedecision section 2003.

The information usage device 2020 calculates

(ka)^(b)=(xa)^(b) =x ^(ab) =K _(AB)

from the integer b unique to each information usage device, which isheld in advance in the device, and the common key generation informationka sent from the decoder unit B, thereby obtaining the common keyK_(AB).

With this arrangement, even when the secret key of the decoder unit B isread, the contents decoding key cannot be obtained only from theinformation in the decoder unit B.

This is because it is difficult in terms of calculation amount togenerate K_(AB)=x^(ab) from ka=x^(a) and kb=x^(b) as common keygeneration information. For this purpose, the integers a and b must beobtained. A problem for obtaining a from x^(a) and the publicinformation x is called a discrete logarithmic problem. For the publickey cipher (e.g., the ellipse curve cipher) with security based on thediscrete logarithmic problem, the calculation is difficult in terms ofcalculation amount. For this reason, the contents decoding key can beprevented from existing in the decoder unit B as unencrypted data, so asystem for preventing the contents decoding key kc from being extractedeven when the secret key for decoding license information in the decoderunit B is read out.

Referring back to FIG. 61, the information usage device 2020 which usesthe contents to update the license outputs the key generationinformation kb in response to the request from the common key generationinformation extracting section 2031. Upon receiving the key generationinformation kb, the common key generation information extracting section2031 sends the key generation information kb to the updated informationgeneration section 2004 (step S1037). Simultaneously, the common keygeneration information extracting section 2031 starts the licensecondition input section 2009 to prompt the user to input a desiredlicense condition. The updated information generation section 2004generates updated license information (FIG. 62) from the input desiredlicense condition and the contents ID and common key generationinformation kb which have been separately obtained, and transmits thelicense information to the license information update device 2008through a predetermined communication line (or the Internet) (stepsS1038 to S1040).

As is apparent, a decoder unit C having both the function of the decoderunit A which individually holds or generates the public key and thesecret key and the function of the decoder unit B which encrypts thecontents decoding key using the common key between the licenseinformation update device 2008 and the information usage device 2020 canbe constituted.

In this case, license information as shown in FIG. 60 is encrypted usinga public key supplied from the decoder unit C and input to the decoderunit C as shown in FIG. 63. The same reference numerals as in thedecoder unit A in FIG. 54 denote the same parts in FIG. 63. The decoderunit C is different from the decoder unit A in that the updatedinformation generation section 2004 accesses the information usagedevice 2020 to acquire the key generation information kb held in theinformation usage device 2020 in updating the license, generates updatedlicense information as shown in FIG. 64, which contains at least theacquired key generation information kb, the public key generated by thekey generation section 2006, and the input desired license condition andcontents ID, and transmits the license information to the licenseinformation update device 2008.

(3) Decoder Unit D

In a decoder unit D, the decoding key is a common key used for thelicense information update device 2008 only once, unlike the decoderunit A or B. More specifically, the decoding key is generated every timedecoding is performed, and no decoding key need be held in the decoderunit D. This means that the decoding key which must be kept secret istemporarily generated and can be erased from the memory immediatelyafter use, so the security of the decoder unit can be effectivelyimproved.

FIG. 66 shows an example of license information input to the decoderunit D. The license information has an encrypted portion and anunencrypted portion, as shown in FIG. 66. The encrypted portion containsat least the contents license condition, the contents decoding key kc,and the contents ID, and the entire portion is encrypted using thecommon key K_(AB) between the decoder unit D and the license informationupdate device 2008. The unencrypted portion is constituted by at leastthe common key generation information ka generated by the licenseinformation update device 2008 to generate the common key K_(AB), andthe common key generation information kb generated by the decoder unit Dby the method to be described below. The method of generating the commonkey K_(AB) is the same as that in the decoder unit B.

FIG. 65 shows an arrangement of the decoder unit D. The operations ofvarious portions of the decoder unit D shown in FIG. 65 will bedescribed below with reference to the flow chart shown in FIG. 67.

License information is input through the license information inputsection 2001 (step S1051). The input license information is divided intothe encrypted portion and the unencrypted portion by the licenseinformation input section 2001. The encrypted portion is sent to thedecoder section 2002, and the pieces of common key generationinformation ka and kb in the unencrypted portion are sent to a decodingkey generation section 2041 (step S1052).

The decoding key generation section 2041 sends the common key generationinformation kb to a common key generation information generation section2042 and acquires common key information b corresponding to the commonkey generation information kb by looking up a table 2043 stored in thecommon key generation information generation section 2042 (steps S1053and S1054). In response to this, the decoding key generation section2041 generates the common key K_(AB) from the pieces of common keygeneration information ka and b (step S1055).

The common key K_(AB) is sent to the decoder section 2002 and used todecode the encrypted portion of the license information (step S1056).

The decoded license information is sent to the decision section 2003 tocheck the license condition (step S1057). If it is decided that thecontents can be used, the contents decoding key kc is output to theinformation usage device 2020 (steps S1058 and S1059). If it is decidedthat the contents cannot be used, the updated information generationsection 2004 is notified of it and instructs the common key generationinformation generation section 2042 to generate common key generationinformation.

The common key generation information generation section 2042 generatesa pair of the common key information b and common key generationinformation kb in accordance with this instruction, and registers themin the table 2043 incorporated in the common key generation informationgeneration section 2042 (step S1060). The generated common keygeneration information kb is sent to the updated information generationsection 2004.

The updated information generation section 2004 prompts the licensecondition input section 2009 to input a desired license condition. Thelicense condition input section 2009 receives input of the desiredlicense condition from the user through an appropriate human interfaceand sends it to the updated information generation section 2004.

The updated information generation section 2004 generates updatedinformation as shown in FIG. 69 on the basis of information obtained bythe above process, transmits the updated information to the licenseinformation update device 2008 through a predetermined communicationline, and receives the updated license information (steps S1061 toS1063).

The license information update device 2008 generates the common keygeneration information ka and the common key K_(AB), updates the commonkey generation information ka shown in FIG. 66 to the generated commonkey generation information ka, and the common key generation informationkb to the common key generation information kb contained in the updatedinformation, and encrypts the license condition and the like which areupdated on the basis of the desired license condition contained in theupdated information, using the generated common key K_(AB), therebyupdating the license information.

When the decoder unit D is to reproduce and use the contents for thefirst time, the common key generation information kb has not beengenerated. For this reason, the decoding key generation section 2041cannot generate the common key K_(AB), so the license information cannotbe decoded (step S1053).

Processing in this case will be described with reference to the flowchart shown in FIG. 68. In this case, the unencrypted portion of thelicense information does not have the common key generation informationkb (alternatively, invalid information such as a NULL code iscontained). Under this situation, the decoding key generation section2041 detects that this reproduction is to be done for the first use andinstructs the common key generation information generation section 2042to generate common key generation information. In response to thisinstruction, the common key generation information generation section2042 generates the pair of the common key information b and common keygeneration information kb and sends an instruction for updating thecommon key generation information kb and license (step S1071).

In this case, the encrypted portion of the license information has beenencrypted using a secret key ks (the secret key ks is commonly used forall decoder units D). The decoder section 2002 receives the secret keyks from the decoding key generation section 2041 and decodes theencrypted portion (step S1072). The contents ID is extracted from thedecoded portion of the license information (step S1073).

In response to this, the updated information generation section 2004prompts the license condition input section 2009 to input the desiredlicense condition and receives input of the desired license conditionfrom the user through the license condition input section 2009 (stepS1074). The contents ID, the desired license condition, and the commonkey generation information kb, which are obtained by the above process,are described in a format shown in FIG. 69 and transmitted to thelicense information update device 2008 (step S1075). With thisprocessing, the updated license information is issued.

In reproduction for the first use, when no effective contents decodingkey is inserted into the encrypted portion of the license information,the security is further improved. More specifically, if no contentsdecoding key is contained in the original license information, nocontents decoding key can be extracted even when the common secret keyks leaks. In this case, encryption is made to prevent the contents IDfrom being changed.

In the above arrangement, the decoding key K_(AB) must be generatedevery time decoding is performed, and a new decoding key K_(AB) must beused for decoding every time the license information is updated (a newdecoding key is generated from the common key information b retrievedfrom the table 2043 in correspondence with the common key generationinformation kb contained in the license information). For this reason,the influence of leakage of the decoding key K_(AB) is minimized. Inaddition, since the common key cipher at a much higher speed than thepublic key cipher can be used, even license information with a largedata size can be decoded in real time, and the contents useenable/disable state based on the license condition contained in thelicense information can be reflected.

Variations of the decoder unit D will be described next.

First, the common key generation information kb to be generated by thedecoder unit D may be fixed. In this case, the security lowers to somedegree. However, the common key K_(AB) is changed every time the commonkey generation information ka generated by the license informationupdate device 2008 changes, so the validity of the decoder unit D ismaintained. The common key generation information generation section2042 shown in FIG. 65 can be omitted. Predetermined common keygeneration information kb and common key information b can be held inthe decoding key generation section 2041.

When the decoder unit D is to reproduce and use the contents informationfor the first time, the license must always be updated in accordancewith acquisition of the common key generation information kb, as shownin FIG. 68. To solve this problem, the license information is encryptedusing a predetermined common key K_(com) or public key K_(p) only forthe first time. In this case, the secret key K_(p) corresponding to thecommon key K_(com) or public key K_(p) must be held in the decoder unitD and used only for the first time. In this arrangement, the contentsdecoding key must always be contained, though it need not be containedin processing for the first use shown in FIG. 68.

More specifically, in step S1053 in FIG. 67, the updated informationgeneration section 2004 decides that the reproduction is to be performedfor the first time because the pieces of common key generationinformation ka and kb are not present, and the decoder section 2002decodes the license information using the common key K_(com) or publickey K_(p) held in the decoding key generation section 2041 or decodersection 2002. Subsequent processing is the same as that from step S1054in FIG. 67.

Alternatively, the common key generation information kb to be generatedby the decoder unit D may be generated by the information usage device2020. FIG. 70 shows the arrangement of a decoder unit D′ for thispurpose. As shown in FIG. 70, the common key generation informationgeneration section 2042 in FIG. 65 is replaced with the informationusage device 2020. Since the information usage device 2020 is setoutside the decoder unit D′, the common key information b must be keptsecret. However, this problem can be solved by performing encryptionusing a temporarily key between the decoding key generation section 2041and the information usage device 2020. In this case, even the common keyinformation b need not be held in the decoder unit D′, so the securityis further improved as compared to the decoder unit D. The informationusage device 2020 is also attacked, and an individual measure must betaken because information usage devices are mounted in differentmanners. The security level can be changed for each information usagedevice 2020. The processing operation of the decoder unit D′ is the sameas that in the flow charts shown in FIGS. 67 and 68.

(4) License Information Update Device Corresponding to Decoder Unit A

FIG. 71 shows an arrangement of the license information update device2008 corresponding to the above-described decoder unit A. The processingoperations of various portions of the license information update device2008 in FIG. 71 will be described below with reference to the flow chartshown in FIG. 72.

Updated license information transmitted from the decoder unit A is inputto the license information update device 2008 through the updatedinformation input section 2051 (step S1081).

The updated information to be used at this time is the updatedinformation shown in FIG. 56, i.e., information containing the desiredlicense condition, the contents ID, the public key generated by thedecoder unit A, and the like, which is necessary for updating thelicense. The contents ID is used to specify the contents for which thelicense is to be given. On the basis of the contents ID, accountinginformation corresponding to the desired license condition can beacquired using the database incorporated in the license informationupdate device 2008, and the contents decoding key can also be acquiredusing the database. For this reason, the contents decoding key need notbe input to the license information update device 2008 to update thelicense information, and the updated information in FIG. 56 need not beencrypted before transmission. This is the characteristic feature of thelicense information update device 2008 shown in FIG. 72.

The updated information shown in FIG. 56, which is input from an updatedinformation input section 2051, is sent to a fee claiming section 2052.The desired license condition contained in the updated information issent to a fee inquiry section 2057.

The fee inquiry section 2057 accesses a fee database (DB) 2058 toacquire a fee corresponding to the desired license condition (stepsS1082 and S1083). If the valid period of “two months” is designated asdesired period, a contents usage fee value corresponding to the periodis retrieved and transferred to the fee inquiry section 2057 and the feeclaiming section 2052.

The fee claiming section 2052 accesses a predetermined electronicbanking system 2060 through a predetermined communication line to send,to the client, a fee claim based on the acquired fee value and clientdata contained in the updated information. The electronic banking system2060 executes predetermined electronic payment processing (step S1084).

A payment confirmation section 2053 in the license information updatedevice 2008 communicates with the electronic banking system 2060 througha predetermined communication line to confirm fee payment, and the flowadvances to processing in a contents decoding key acquisition section2054 (step S1085).

The contents decoding key acquisition section 2054 searches a contentsdecoding key database (DB) 2059 for a contents decoding key using thecontents ID as a key (step S1086). Since it is assumed that the licenseinformation update device 2008 is managed and operated by a specificreliable agency, the contents decoding key DB 2059 and the obtainedcontents decoding key need not be encrypted.

A license information encryption section 2055 constructs licenseinformation on the basis of the obtained information (step S1087),encrypts the license information using a public key contained in theupdated information shown in FIG. 56, which has been received in advance(step S1088), and transmits the license information to the client as alicense information update request source, i.e., the decoder unit Athrough a predetermined communication line (step S1089).

(5) License Information Update Device Corresponding to Decoder Unit B

FIG. 73 shows an arrangement of the license information update device2008 corresponding to the above-described decoder unit B. The processingoperations of various portions of the license information update device2008 in FIG. 73 will be described below with reference to the flow chartshown in FIG. 74.

The same reference numerals as in FIG. 71 denote the same parts in FIG.73, and only different portions will be described. Referring to FIG. 73,a common key generation section 2061 and a contents decoding keyencryption section 2062 are inserted between the contents decoding keyacquisition section 2054 and the license information encryption section2055. The same reference symbols as in the flow chart of FIG. 72 denotethe same operations in the flow chart of FIG. 74, and only differentportions will be described. Between steps S1086 and S1087, the integer aand the common key generation information ka are generated by the commonkey generation section 2061. The common key K_(AB) is generated from theinteger a and common key generation information ka, and the common keygeneration information kb unique to the information usage device 2020,which is contained in the updated information (steps S1091 and S1092).The encryption section 2062 encrypts the contents decoding key newlyacquired in step S1086 using the newly generated common key K_(AB) (stepS1093).

In the arrangement shown in FIG. 73, to encrypt the contents decodingkey and insert it in the license information, the common key generationsection 2061 must generate a common key between the information usagedevice 2020 and the license information update device 2008 to decode theencrypted contents decoding key. The common key is generated usingcommon key generation information, as described about the decoder unitB. Therefore, the updated information input to the license informationupdate device 2008 in FIG. 73 contains at least the desired licensecondition, the contents ID, and the common key generation information kbgenerated by the information usage device 2020 using a random number orthe like, as shown in FIG. 62.

In step S1088, the newly generated license information is encrypted bythe license information encryption section 2055 using a predeterminedpublic key.

In a license information update device corresponding to the decoder unitC having both the function of the decoder unit A which individuallyholds or generates the public key and the secret key and the function ofthe decoder unit B which encrypts the contents decoding key using thecommon key between the license information update device 2008 and theinformation usage device 2020, the updated information to be input alsocontains a public key generated by the decoder unit C. In step S1088 inFIG. 74, the generated license information is encrypted using the publickey.

A license information update device corresponding to the decoder unit Dor D′ has almost the same arrangement as described above. As thedifferent point, the encryption section 2062 shown in FIG. 73 encryptsthe license condition, the contents decoding key kc, and the contents IDusing the common key K_(AB) to generate license information as shown inFIG. 66, and outputs the generated license information directly throughthe license information output section 2056.

(Third Embodiment)

FIG. 75 shows an arrangement of an information distribution systemaccording to the third embodiment.

In FIG. 75, the user acquires contents information as an accountingobject recorded on a removable information storage medium (to be simplyreferred to as a medium hereinafter) such as a DVD. License informationfor the contents information is also recorded on the medium. Theinformation reproducing apparatus of the user incorporates a decoderunit, and it is decided on the basis of the license information readfrom the medium whether the contents can be used.

If the contents cannot be used, the license information must be updatedfor the user to use the contents. More specifically, the licensecondition contained in the license information, i.e., the license mustbe updated. The license condition, i.e., the license information isupdated in a shop having a license update terminal for this purpose. Thelicense update terminal is connected to a license server operated by alicense sales agency. The user designates a desired license condition(e.g., designation of contents and the expiration date therefor) andpays a corresponding license fee (contents fee corresponding to thelicense condition) to the shop. The license update terminal communicateswith the license server and updates the license information recorded onthe medium on the basis of information sent from the license server,thereby updating the license. For example, when the user purchases alicense with an expiration date, the contents can be used withoutupdating the license before it expires.

FIG. 76 shows another arrangement of the information distributionsystem. As a different point from FIG. 75, at least the function of thedecoder unit is incorporated in a card type recording medium such as anIC card. The card type recording medium such as an IC card incorporatinga decoder unit will be called a decoding decision card hereinafter. Inthis case, to update the license, the user goes to the shop having thelicense update terminal with the decoding decision card. The licenseupdate terminal reads a public master key from the decoding decisioncard and transfers it to the license server. The user designates adesired license condition (e.g., designation of contents and theexpiration date therefor) and pays a corresponding license fee (contentsfee corresponding to the license condition) to the shop. The licenseupdate terminal communicates with the license server and updates thelicense information recorded on the medium on the basis of informationsent from the license server, thereby updating the license.

The public master key will be described later.

In FIG. 75, the decoder unit need not always be incorporated in theinformation reproducing apparatus and may have the shape of the decodingdecision card shown in FIG. 76 and detachably inserted into theinformation reproducing apparatus. The information distribution systemsshown in FIGS. 75 and 76 will be described below while exemplifying theuse of the decoding decision card.

(1) Information Distribution System in FIG. 75

(1-1) Information Reproducing Apparatus

FIG. 77 shows an arrangement of an information reproducing apparatushaving a decoding decision card. The information reproducing apparatusis constituted by connecting, to a bus 3007, a decoding decision card3001, a media readout device 3003, an information reproduction device3004, a clock 3005, and a central processing unit 3006.

The clock 3005 is used to decide whether the expiration date forcontents as a license condition is valid/invalid. As described above inthe first embodiment, time is set using an encrypted command. Inupdating the license, a time setting operation is performed to adjustthe time of this clock in correspondence with the time of the server.This operation has been described above. With this processing, the clock3005 can maintain almost correct time.

The media readout device 3003 reads information recorded on a medium3002 such as a DVD. The decoding decision card 3001 decides on the basisof the readout information whether the contents information recorded onthe medium 3002 can be used. If it is decided that the contentsinformation can be used, the information reproduction section 3004 canreproduce the contents information read from the medium 3002 by themedia readout device 3003. The central processing unit 3006 controls theoperation of each section.

Each of the decoding decision card 3001 and the clock 3005 shown in FIG.77 holds key generation information Kt. Each of the decoding decisioncard 3001 and the information reproduction device 3004 holds keygeneration information K′t.

On the basis of random numbers A and B and the key generationinformation Kt, a transfer key KT which is valid only once toencrypt/decode current time information to be transferred between theclock 3005 and the decoding decision card 3001 is generated. Inaddition, on the basis of random numbers C and D and the key generationinformation K′t, the transfer key KT which is valid only once toencrypt/decode a contents key Kc for decoding contents informationencrypted between the decoding decision card 3001 and the informationreproduction section 3004 is generated. With this processing,information transferred through the bus 3007 is protected.

The medium 3002 stores the following information.

License information ([license information] KM) encrypted using a masterkey KM

Master key ID as an identifier (e.g., a number) for designating themaster key KM for decoding the license information

Contents information ([contents information] Kc) encrypted using thecontents key Kc

In the following description, both the encryption and decoding keys tobe used to encrypt/decode the license information will be called themaster keys KM, and the encryption and decoding keys of the licenseinformation are not always identical.

The license information has the following information.

Contents key Kc

Contents ID

Contents license condition such as an expiration date, use start time,license information recording time, and the like

FIG. 78 is a flow chart showing the processing operation of theinformation reproducing apparatus shown in FIG. 77, which is used in theinformation distribution system shown in FIG. 75.

The media readout device 3003 reads out the master key ID and the[license information] KM from the medium 3002 set in the media readoutdevice 3003 and transfers them to the decoding decision card 3001 (stepsS3001 and S3002).

The clock 3005 generates the random number A in accordance with apredetermined algorithm and transfers it to the decoding decision card3001 (step S3003). The decoding decision card 3001 also generates therandom number B in accordance with a predetermined algorithm andtransfers it to the clock 3005 (step S3004). With this processing, thedecoding decision card 3001 and the clock 3005 mutually confirms therandom numbers A and B.

The decoding decision card 3001 and the clock 3005 generate the transferkey KT from the random numbers A and B and the key generationinformation Kt held in them (steps S3005 and S3006). The clock 3005encrypts current time information using the generated transfer key KT([current time] KT) and transfers it to the decoding decision card 3001(step S3007).

The decoding decision card 3001 decodes the license information usingthe master key KM designated by the master key ID, decodes the [currenttime] KT transferred from the clock 3005 using the generated transferkey KT, and decides on the basis of the decoded license information andtime information whether the contents information designated by thecontents ID can be used, i.e., decoded (step S3008). If it is decidedthat decoding cannot be performed, processing is ended.

If it is decided that decoding can be performed (YES in step S3009), thedecoding decision card 3001 generates the random number C on the basisof a predetermined algorithm and transfers it to the informationreproduction section 3004 (step S3010). The information reproductiondevice 3004 also generates the random number D on the basis of apredetermined algorithm (step S3011). With this processing, the decodingdecision card 3001 and the information reproduction section 3004mutually confirm the random numbers C and D.

The decoding decision card 3001 and the information reproduction section3004 generate a transfer key K′T from the random numbers C and D and thekey generation information K′t held in them (steps S3012 and S3013). Thedecoding decision card 3001 encrypts the contents key Kc contained inthe license information using the generated transfer key K′T ([Kc] K′T)and transfers it to the information reproduction section 3004 (stepS3014).

The media readout device 3003 reads out the [contents] Kc from themedium 3002 and transfers it to the information reproduction section3004 (step S3015).

The information reproduction section 3004 decodes [Kc] K′T using thegenerated transfer key K′T and decodes the contents information usingthe resultant contents key Kc (step S3016).

(1-2) Decoding Decision Card

FIG. 79 shows an arrangement of the decoding decision card 3001.

A time transfer section 3012 receives time information counted by theclock 3005 incorporated in the information reproducing apparatus shownin FIG. 77 and transfers it to a decoding decision section 3013.

A contents key transfer section 3014 performs an operation oftransferring the contents key Kc to the information reproduction section3004 in FIG. 77 while protecting the contents key Kc.

A data transfer section 3011 is used to send/receive information otherthan the time information to be transferred from the clock 3005 and thecontents key to be transferred to the information reproduction section3004 to/from the media readout device 3003, the information reproductionsection 3004, and the decoding decision card 3001.

The time transfer section 3012 and the data transfer section 3011 areseparately arranged to perform special processing such as dataprotection using a temporary key or time-out by the clock in accordancewith time transfer.

FIG. 80 is a flow chart showing details of the processing operation ofthe decoding decision card 3001 shown in FIG. 79 until output of thecontents information use enable/disable decision result.

The master key ID and [license information] KM transferred from themedia readout device 3003 in step S3002 in FIG. 78 are input to thedecoding decision section 3013 through the data transfer section 3011(step S3021). The random number A transferred from the clock 3005 instep S3003 in FIG. 78 is input to the time transfer section 3012 (stepS3022). Upon receiving the random number A, the time output section 3022generates the random number B and generates the transfer key KT from therandom number B and the random number A which has been received inadvance (steps S3023 and S3024). The random number B is transferred tothe clock 3005 (step S3025). Simultaneously, the time output section3022 starts to increment the clock counter (step S3026).

The [current time] KT transferred from the clock 3005 in step S3007 inFIG. 78 is input to the time output section 3022 (step S3027). If thecounter value of the time output section 3022 exceeds a predeterminedvalue Ct, processing is ended (step S3028).

The counter value Ct means the time-out time and is a predeterminedpositive integer. In this embodiment, the decoding decision cardacquires the time information outside the decoding decision card 3001.Therefore, it is important that the acquired time information is valid.For this purpose, the random numbers A and B are exchanged between theclock 3005 and the time transfer section 3012 of the decoding decisioncard 3001, and the time information is encrypted using the key KT whichis valid only once, and transferred. However, only with this processing,illicitness such as intended delay of time information transfer cannotbe prevented.

To prevent illicitness of this type, the time transfer section 3012stops processing unless the time information arrival time, i.e., timefrom output of the random number B from the time transfer section 3012to arrival of the (encrypted) time information at the time transfersection 3012 is equal to or shorter than the predetermined time Ct.

If the [current time] KT is input within a predetermined period, the[current time] KT is decoded using the transfer key KT generated inadvance to obtain time information (step S3029). The time information istransferred to the decoding decision section 3013. The decoding decisionsection 3013 decides on the basis of the decoded license information andtime information whether the contents information designated by thecontents ID can be used, i.e., decoded (step S3031). If it is decidedthat the contents information cannot be decoded, processing is ended.

If it is decided that decoding is enabled (YES in step S3032), thedecoding decision section 3013 outputs the contents key kc contained inthe license information to the contents key transfer section 3014 (stepS3033).

The contents key transfer section 3014 generates the random number C andtransfers it to the information reproduction section 3004 (step S3034).When the random number D transferred from the information reproductionsection 3004 is input to the contents key transfer section 3014 in stepS3011 in FIG. 78, the transfer key K′T is generated from the randomnumbers D and C (steps S3035 and S3036). The contents key transfersection 3014 encrypts the contents key Kc using the generated transferkey K′T ([Kc] K′T) and transfers it to the information reproductiondevice 3004 (step S3038).

(1-3) Time Transfer Section of Decoding Decision Card

The time transfer section 3012 shown in FIG. 79 will be described nextin more detail. FIG. 81 shows an arrangement of the time transfersection 3012 which has a verification section 3021, a clock counter3023, and a time output section 3022.

Referring to FIG. 81, the clock counter 3023 counts logic drivingclocks.

FIG. 82 shows an arrangement of the verification section 3021.

In FIG. 82, a secret key storage section 3021 e holds the key generationinformation Kt.

A transfer key generation section 3021 f generates the transfer key KTas a secret key from the random numbers A and B and the key generationinformation Kt using an appropriate algorithm. This algorithm is thesame as the secret key generation algorithm used in a correspondingverification section of the clock 3005, and therefore, the decodingdecision card 3001 and the clock 3005 can share the transfer key KT.

An input/output section 3021a holds the predetermined counter value Ctand decides time-out with reference to the value of the clock counter3023. As the value Ct, the clock count necessary from reception of therandom number B by the clock 3005 to transmission of encrypted timeinformation is set with a certain margin for transfer.

FIG. 83 is a flow chart for explaining the processing operation of theverification section shown in FIG. 82.

The random number A input to the time transfer section 3012 in stepS3022 in FIG. 80 is input to the input/output section 3021 a of theverification section 3021 first (step S3041) and stored in a randomnumber storage section 3021 b (step S3042). Next, a random numbergeneration section 3021 c generates the random number B in accordancewith a predetermined algorithm (step S3043) and stores it in a randomnumber storage section 3021 d and simultaneously transfers the randomnumber B to the input/output section 3021 a (step S3045).

The transfer key generation section 3021 f reads out the random numbersA and B stored in the random number storage sections 3021 b and 3021 d,respectively, and the key generation information Kt stored in the secretkey storage section 3021 e to generate the transfer key KT (step S3046)and stores it in a transfer key storage section 3021 g (step S3047).

The input/output section 3021 a resets the clock counter 3023 andtransfers the random number B to the clock 3005 (steps S3048 and S3049).

The [current time] KT input to the time transfer section 3012 in stepS3027 in FIG. 80 is input to the input/output section 3021 a first (stepS3050). The input/output section 3021 a reads the counter value of theclock counter 3023 and compares it with the value Ct. If the countervalue is equal to or smaller than the value Ct, the flow advances tostep S3053. If the counter value exceeds the value Ct (timeout),processing is ended (steps S3051 and S3052).

In step S3053, the [current time] KT is transferred to a decoder section3021 h. The decoder section 3021 h reads out the transfer key KT fromthe transfer key storage section 3021 g and decodes the [current time]KT using the transfer key KT, thereby obtaining current time information(steps S3053 and S3054).

A data format confirmation section 3021 i confirms the data format ofthe current time information (step S3055). For example, the current timeinformation has a data format to be described below.

“current time”/current time/“00000000”

The current time expressed by a character string follows the characterstring “current time”. The last one-byte data “0” is a delimiter. Thecurrent time is assumed to be elapsed time from 0:00, Jan. 1, 1998 whichis represented on the minute order.

The data format confirmation section 3021 i outputs the current timeinformation to the time output section 3022 only when the data format ofthe current time information satisfies the above-described predeterminedformat (step S3056).

The time output section 3022 outputs the time information to thedecoding decision section 3013 (step S3030 in FIG. 80).

To transfer the current time information, an encryption scheme usingidentical encryption and decoding keys (KT) is employed. However, thepresent invention is not limited to this, and transfer protection can berealized in the same arrangement and operation as described above evenwhen different keys are used.

(1-4) Contents Key Transfer Section of Decoding Decision Section

The contents key transfer section 3014 shown in FIG. 79 will bedescribed next in more detail. FIG. 84 shows an arrangement of thecontents key transfer section 3014 which has a verification section 3031and a contents key input section 3032.

FIG. 85 shows an arrangement of the verification section 3031. Theprocessing operation of the verification section 3031 will be describedwith reference to the flow chart shown in FIG. 86.

A random number generation section 3031 c generates the random number Con the basis of a predetermined algorithm and stores it in a randomnumber storage section 3031 d (step S3061). At the same time, the randomnumber generation section 3031 c transfers the random number C to theinformation reproduction section 3004 through an input/output section3031 a (step S3062).

The random number D transferred from the information reproductionsection 3004 is input through the input/output section 3031 a and storedin a random number storage section 3031 b (step S3064).

A transfer key generation section 3031 f reads out the random numbers Cand D which are stored in the random number storage sections 3031 b and3031 d, respectively, and the key generation information K′t stored in asecret key storage section 3031 e to generate the transfer key K′T andstores it in a transfer key storage section 3031 g (steps S3065 andS3066).

If the decoding decision section 3013 decides, in step S3032 in FIG. 80,that decoding can be performed, the decoding decision section 3013transfers the contents key Kc to the contents key transfer section 3014(step S3033 in FIG. 80). The contents key Kc is input to an encryptionsection 3031 h shown in FIG. 85. The encryption section 3031 h reads outthe transfer key K′T from the transfer key storage section 3031 g,encrypts the contents key Kc using the transfer key K′T ([Kc] K′T), andtransfers the contents key Kc to the information reproduction section3004 through the input/output section 3031 a (step S3069).

(1-5) Clock

FIG. 87 shows an arrangement of the clock 3005 in FIG. 77. The clock3005 has a verification section 3041 and a clock counter 3042.

The clock counter 3042 counts the time.

FIG. 88 shows an arrangement of the verification section 3041 of theclock 3005. The processing operation of the verification section 3041will be described next with reference to the flow chart shown in FIG.89.

A random number generation section 3041 c generates the random number Ausing a predetermined algorithm and stores it in a random number storagesection 3041 d (step S3071). Simultaneously, the random numbergeneration section 3041 c transfers the random number A to the decodingdecision card 3001 through an input/output section 3041 a (step S3072).

The random number B transferred from the decoding decision card 3001 isinput to the input/output section 3041 a and stored in a random numberstorage section 3041 b (step S3073).

A transfer key generation section 3041 f reads out the random numbers Aand B which are stored in the random number storage sections 3041 d and3041 b, respectively, and the key generation information K′t from asecret key storage section 3041 e to generate the transfer key K′T andstores it in a transfer key storage section 3041 g (steps S3074 andS3075).

Current time information output from the clock counter 3042 is input toan encryption section 3041 h (step S3076).

The encryption section 3041 h reads out the transfer key K′T from thetransfer key storage section 3041 g, encrypts the current timeinformation using the transfer key K′T ([current time] K′T), andtransfers it to the decoding decision card 3001 through the input/outputsection 3041 a (steps S3077 and S3078).

(1-6) Decoding Decision Section of Decoding Decision Card

FIG. 90 shows an arrangement of the decoding decision section 3013 ofthe decoding decision card 3001 shown in FIG. 79.

The processing operation of the decoding decision section 3013 shown inFIG. 90 will be described with reference to the flow chart shown in FIG.91.

The master key ID and [license information] KM transferred from themedia readout device 3003 to the decoding decision card 3001 are inputto a master key selection section 3061 and a decoder section 3063,respectively (steps S3101 and S3103).

The master key selection section 3061 searches a master key storagesection 3062 for a decoding key corresponding to the master key ID andtransfers it to the decoder section 3063 (step S3102).

The master key ID input to the master key selection section 3061 is usedto designate a decoding key corresponding to the key for encrypting the[license information] KM. Unless a correct master key ID is obtained,the decoding key for decoding the license information cannot beselected.

The decoder section 3063 decodes the [license information] KM using thedecoding key designated by the master key ID and transfers the resultantlicense information to a decision section 3064 (step S3105).

Current time information transferred from the clock 3005 to the timetransfer section 3012 of the decoding decision card 3001 and decoded isinput to the decision section 3064 through a time input section 3065(steps S3106 and S3107).

The decision section 3064 decides on the basis of the licenseinformation and current time information whether the contentsinformation can be used, i.e., decoded and outputs the decision resultto the data transfer section 3011 through a decision result outputsection 3066 (steps S3108 to S3110). If it is decided that decoding isenabled, the contents key Kc contained in the license information isoutput to the contents key transfer section 3014 through a contents keyoutput section 3067 (step S3111).

Decision processing of the decision section 3064 will be described. Ifthe current time sent from the clock 3005 is earlier than the time whenthe license information has been recorded on the medium 3002, thisindicates that the current time delays from correct time. The licenseinformation recording time is recorded by the license server and can besubstantially regarded as correct time. In this case, the decision flagof the decision section 3064 is cleared, and hereafter, all the decisionresults are “use is disabled”. To set the decision flag again to makethe decision valid, a command from the clock 3005 is required. Thiscommand is sent to the decoding decision section 3013 through the timetransfer section 3012 of the decoding decision card 3001. Only a commandfrom the authentic (verifiable) clock 3005 can set the decision flagagain. The clock 3005 sets the decision flag again only when the time inthe clock 3005 is set.

(1-7) Master Key

The mater key used to encrypt or decode license information will bedescribed. In this case, both the encryption and decoding keys to beused to encrypt/decode the license information will be called masterkeys, and the encryption and decoding keys of the license informationare not always identical.

The master key in the master key storage section 3062 shown in FIG. 90is stored in the following format together with the master key ID.

Km(0), . . . , Km(999), (KP(1000), Ks(1000)), . . . , (KP(1499),Ks(1499)), (KP(1500), Ks(1500)), . . . , (KP(1599), Ks(1599))

Thousand keys from Km(0) to Km(999) are predetermined secret keys fordecoding. Keys from KP(1000) to KP(1599) are public keys for encryptinglicense information. Six hundred keys from Ks(1000) to Ks(1599) aresecret keys for decoding license information in correspondence withKP(1000) to KP(1599), respectively. Keys KP(n) (1000 £ n<1600) will becalled public master keys.

For the arbitrary integer n from 1000 to 1600 exclusive, the keys KP(n)and Ks(n) (1000 £ n<1600) are paired. That is, license informationencrypted by KP(n) can be decoded by Ks(n). For each integer n from 1000to 1600 exclusive, the pair (KP(n), Ks(n)) is occasionally generated bya master key generation section 3069 shown in FIG. 90 on the basis of arandom number generated by a random number generation section 3068. Thispair of keys changes depending on the decoding decision card, and evenin the same decoding decision card, changes depending on the timeperiod.

The public master key is used in the information distribution systemshown in FIG. 76, as will be described later.

Keys (KP(n), Ks(n)) (1500 £ n<1600) may be used when the valid periodwhen the contents information can be used is shorter than, e.g., 100hours. More specifically, the master key generation section 3069generates a key pair every, e.g., one hour and sequentially records keypairs from n=1500 to n=1599. In accordance with the designated period,e.g., when the valid period is shorter than the longest period of 100hours, (KP(1599), Ks(1599)) is recorded, and then (KP(1500), Ks(1500))is overwritten, and this processing is repeated.

When such a master key (KP(n), Ks(n)) (1500 £ n<1600) is to be used, thelatest key KP(n) is always used to encrypt license information. Afterthe license information is recorded, the license information encryptedby the key KP(n) is decoded by the corresponding key Ks(n) within thelongest period of 99 hours. However, when the time of 100 hours or morehas elapsed, the key Ks(n) is lost (changed by overwrite), so thislicense information cannot be decoded anymore. With this arrangement,high security can be ensured. Even when a person reads the master keyKs(n) by some technique, this key is valid only for license informationgenerated within a specific period of one hour.

As described above, the master key storage section 3062 holds threemaster keys with different natures (i.e., a secret key common to alldecoding decision cards, a secret key unique to each decoding decisioncard, and a secret key to be updated every predetermined time for eachdecoding decision card), so the security and convenience can becustomized.

License information encrypted using the encryption keys KM(0) to KM(999) corresponding to Km(0) to Km(999), respectively, can be used byany decoding decision card for decoding decision. However, if thecontents of the decoding decision card are illicitly read, protection ofthe contents fails.

On the other hand, in a method using a public master key, the publicmaster key must be sent to the server to update license information, andthis increases the labor for the user. However, even when the contentsof the decoding decision card are illicitly read, the failure ofsecurity affects only the specific decoding decision card. Especially,when the public master key of time change scheme as described above isused, the failure of security is also limited in terms of time.

(1-8) Information Reproduction Section

FIG. 92 shows an arrangement of the information reproduction section3004 shown in FIG. 77. The information reproduction section 3004comprises a verification section 3051, a decoder section 3052, a decoder3053, and a D/A converter 3054.

The processing operation of the information reproduction section 3004shown in FIG. 92 will be described with reference to the flow chartshown in FIG. 93. The information reproduction section 3004 reproduces,e.g., a MPEG2 motion picture.

The encrypted contents key [Kc] K′T transferred from the decodingdecision card 3001 is input to the verification section 3051 of theinformation reproduction section 3004. The verification section 3051decodes [Kc] k′T using the transfer key K′T generated by theverification section 3051 itself to obtain the contents key Kc (stepS3081).

On the other hand, contents information encrypted using the contents keyKc read from the medium 3002 by the media readout device 3003 is inputto the decoder section 3052. The decoder section 3052 decodes thecontents information using the contents key Kc and outputs it to thedecoder 3053 (step S3082).

The decoder 3053 reconstructs coding which has been done forcompression, and sends the resultant image data to the D/A converter3054 (step S3083).

The D/A converter 3054 converts the data into an analog signal andoutputs the signal to a predetermined display device (step S3085).

FIG. 94 shows an arrangement of the verification section 3051 of theinformation reproduction section 3004 shown in FIG. 92. The processingoperation of the verification section 3051 will be described withreference to the flow chart shown in FIG. 95.

A random number C transferred from the decoding decision card 3001 tothe information reproduction section 3004 is input to an input/outputsection 3051 a of the verification section 3051 and stored in a randomnumber storage section 3051 b (step S3091).

A random number generation section 3051 c generates the random number Dand stores it in a random number storage section 3051 d (step S3092).

A transfer key generation section 3051 f reads out the random numbers Cand D from the random number storage sections 3051 b and 3051 d,respectively, and also reads out the key generation information K′t froma secret key storage section 3051 e to generate the transfer key K′T(step S3093). The generated transfer key K′T is stored in a transfer keystorage section 3051 g (step S3094).

The random number D stored in the random number storage section 3051 dis transferred to the decoding decision card 3001 through theinput/output section 3051 a (step S3095).

The encrypted contents key [Kc] K′T transferred from the decodingdecision card 3001 to the information reproduction section 3004 is inputto the input/output section 3051 a of the verification section 3051. Thecontents key [Kc] K′T is output to a decoder section 3051 h (stepS3096).

The decoder section 3051 h reads out the transfer key K′T from thetransfer key storage section 3051 g to decode [Kc] K′T, therebyobtaining the contents key Kc (step S3097). The contents key Kc isoutput to the decoder section 3052 in the information reproductionsection 3004 (step S3098).

(1-9) Another Information Reproduction Section

FIG. 96 shows another arrangement of the information reproductionsection 3004 shown in FIG. 77. In this case, the contents information ofan accounting object is a program. The contents information of theaccounting object is at least partially encrypted using the contents keyKc, and the contents key Kc is contained in license information.

The same reference numerals as in FIG. 92 denote the same parts in FIG.96, and only different portions will be described. In FIG. 96, thedecoder 3053 and the D/A converter 3054 in FIG. 92 are replaced with aprogram execution section 3055, so that the program as the contentsinformation is executed by the program execution section 3055.

The operation until the contents key Kc and the encrypted contentsinformation are sent to the information reproduction section 3004 is thesame as described above.

In this case, the information reproduction section 3004 may be a centralprocessing unit constituted by a CPU, a memory, and the like.

(1-10)

In (1-1) to (1-9), the information reproducing apparatus has the clock3005, as shown in FIG. 77. The decoding decision card 3001 itself mayincorporate a clock, as a matter of course. In this case, the decodingdecision card 3001 incorporates a battery for driving the clock. Whenthe clock is incorporated in the decoding decision card 3001, the timetransfer section 3012 shown in FIG. 79 and verification processing forthe clock can be omitted.

(2) Information Distribution System in FIG. 76

The arrangement and processing operation of an information reproducingapparatus for this information distribution system are almost the sameas those in FIG. 75.

In the information distribution system shown in FIG. 76, not licenseinformation but a contents ID and encrypted contents information arerecorded on the removable information storage medium in the initialstate. When the license is to be updated, the medium and the decodingdecision card are set in the license update terminal. The updateterminal reads the contents ID from the medium and one of the publicmaster keys from the decoding decision card and transfers them to thelicense server. The license server having a database of contents to behandled searches the database for a contents key using the contents IDas a key.

Subsequently, the license server prepares normal license informationcontaining the contents key, encrypts the license information using thepublic master key, and transfers it to the update terminal. The updateterminal records the received encrypted license information on themedium. Reproduction for the medium after the license information isrecorded is the same as that in the information distribution systemshown in FIG. 75.

The license update terminal and license server in the informationdistribution system shown in FIG. 76 will be described next in moredetail.

(2-1) License Update Terminal

FIG. 97 shows an arrangement of the license update terminal.

A license update terminal 4000 comprises a card interface (IF) 4001 forreading predetermined information from an inserted decoding decisioncard, a removable information storage medium drive 4002 for reading outpredetermined information from an inserted removable information storagemedium, a communication section 4003 for performing communication withthe license server through a predetermined communication line (e.g., apublic line or a leased line), a display section 4004 constituted by,e.g., a liquid crystal display panel, and a key input section 4005constituted by a keyboard or touch panel for inputting an instructionfrom the user.

FIG. 98 is a flow chart showing the processing operation of the licenseupdate terminal 4000 shown in FIG. 97. The processing operation of thelicense update terminal will be described below with reference to FIG.98.

When the removable information storage medium is set in the removableinformation storage medium drive 4002, the identification information,i.e., the contents ID of the contents information recorded on the mediumis read from the medium (step S4001), and the read contents ID and theidentification information (update terminal ID) of the license updateterminal are transmitted to the license server through the communicationsection 4003 (step S4002).

The update terminal ID transmitted from the license update terminal tothe license server is stored by the license server together with updatedinformation as an update log. The contents fee may be collected on thebasis of the update log.

Upon receiving the contents ID and update terminal ID, the licenseserver transmits an accounting menu, request key type information, and averification key number N to the update terminal (step S4003).

The request key type information sent from the license server to theupdate terminal is used to designate the master keys of three types. Asdescribed above, the request key types are as follows.

When the request key type information is “0”, a predetermined master keyfor decoding, i.e., one of Km(0) to Km(999) is designated.

When the request key type information is “1”, a master key unique toeach decoding decision card for decoding license information, i.e., oneof KP(1000) to KP(1499) is designated.

When the request key type information is “2”, a secret key to be updatedevery predetermined time for each decoding decision card, i.e., one ofKP(1500) to KP(1599) is designated.

The verification key number N sent from the license server to thelicense update terminal is a number for designating a key KN which isheld in the decoding decision card for verification in transfer. Themaster key KP encrypted by the key KN is decoded by a decoding key K′Nheld in the license server and corresponding to the key KN. The licenseserver encrypts the license information using the key KP obtained inthis manner and transmits the license information to the license updateterminal. If the decoding decision card does not hold the correctverification key KN (e.g., when an improper device is to operate as thedecoding decision card), the license information recorded on theremovable information storage medium cannot be decoded using thedecoding key Ks corresponding to the key KP. For this reason, theunauthentic decoding decision card is eliminated.

The accounting menu is a fee table corresponding to the valid period ofthe contents information. A desired period is selected from thisaccounting menu, and the fee is paid. The accounting menu has, e.g., afee corresponding to a valid period, and an identification number forselecting the valid period. More specifically, when the valid period isseven days, the fee is 200 yen, and the identification number is “1”.For 30 days, the fee is 500 yen, and the identification number is “2”.For an indefinite period (conveyance), the fee is 3,000 yen, and theidentification number is “3”.

When the request key type information is “0”, the license updateterminal need not send the master key KP to the license server. This isbecause the license information is encrypted by a key common to alldecoding decision cards and sent to the license server. In this case,the license information sent from the server contains designation of thenumber of Km. This number need not be encrypted.

If the communication line between the update terminal and the licenseserver is not a leased line, as a measure for information security, aprocedure of mutual verification is preferably performed beforecommunication between a communication section 4021 of the license serverand the communication section 4003 of the update terminal. In this case,charging for license update is performed in a shop having the licenseupdate terminal. Unless unauthentic license update terminals areeliminated, illicit charging may take place. In addition, connection toa license server which is not authentic for the organizer of the licenseupdate terminal may cause charging for illicit license information forthe user.

If the communication line is a leased line, and the communicationpartner is reliable, mutual verification is not required. Thecommunication section 4003 of a license update terminal which uses apublic line such as the Internet for connection from the license updateterminal to the license server may store the record of communicationwith the license server. The fee is collected on the basis of the recordof the license server, so it is preferable that the record be stored onthe license update terminal side as well for confirmation.

The communication section 4003 of the license update terminal transfers,of pieces of information transmitted from the license server, theaccounting menu to the display section 4004 and the request keyidentification information and verification key number N to the card IF4001 (step S4004).

The display section 4004 presents the accounting menu to prompt the userto select the identification number of period. The card IF 4001transfers the request key identification information and verificationkey number to the decoding decision card. Upon receiving these pieces ofinformation, the decoding decision card transfers one of the master keysKP (an appropriate one of the plurality of keys KP) corresponding to therequest key identification information, which is encrypted using theverification key KN designated by the verification key number, i.e.,[KP] KN to the card IF 4001. At this time, the master key identificationinformation may be simultaneously transferred.

The communication section 4003 transmits [KP] KN transferred from thecard IF and the identification number of the valid period in theaccounting menu, which is designated by the user through the displaysection 4004, to the license server (steps S4005 to S4007).

Accordingly, the license server transmits license information which isencrypted using the master key KP supplied from the update terminal,i.e., [license information] KP to the communication section 4003 of theupdate terminal (step S4008).

The [license information] KP is recorded on the medium set in theremovable information storage medium drive 4002 (step S4009). Note thatthe [license information] KP sent from the license server and the masterkey identification information may be recorded on the medium.

(2-2) Decoding Decision Card

FIG. 99 shows an arrangement of the main part of the decoding decisioncard 3001, i.e., an update interface (IF) 3015.

The processing operations of various portions shown in FIG. 99 will bedescribed below with reference to the flow chart shown in FIG. 100.

The request key identification information and verification key number Ntransferred from the card IF 4001 of the update terminal to the decodingdecision card 3001 in step S4004 in FIG. 98 are input to an input/outputsection 4011 (step S4011).

The input/output section 4011 transfers the request key identificationinformation to the master key selection section 3061 and theverification key number N to a verification key selection section 4014(step S4012).

The master key selection section 3061 searches the master key storagesection 3062 to select the master key KP corresponding to the requestkey identification information and transfers it to an encryption section4012 (step S4013).

The verification key selection section 4014 searches a verification keystorage section 4013 to select the verification key KN having theverification key number N and transfers it to the encryption section4012 (step S4014).

The encryption section 4012 encrypts the master key KP using theverification key KN to generate [KP] KN (step S4015). The [KP] KN isoutput to the license update device through the input/output section4011 (step S4016).

(2-3) License Server

FIG. 101 shows an arrangement of the license server. A contentsinformation database (DB) 4024 stores the following information incorrespondence with a contents ID.

Contents key

Accounting menu

Request key type

The processing operations of various portions of the license server 4001shown in FIG. 101 will be described below with reference to the flowchart shown in FIG. 102.

The contents ID and update terminal ID transmitted from the licenseupdate terminal in step S4002 in FIG. 98 are received by thecommunication section 4021 and transferred to a response section 4022(step S4021).

The response section 4022 transfers the contents ID to a contentsinformation retrieval section 4023 (step S4022). The contentsinformation retrieval section 4023 reads out a contents key, anaccounting menu, and a request key type corresponding to the contents IDand transfers them to the response section 4022 (step S4023).

The response section 4022 generates the verification key number N (stepS4024). For example, one of a plurality of predetermined verificationkey numbers may be selected. Information other than the contents key,i.e., the accounting menu, the request key type information, and theverification key number N are transmitted to the license update terminalthrough the communication section 4021 (step S4025).

The [KP] KN and the identification number of the desired valid period inthe accounting menu, which are transmitted from the update terminal instep S4007 in FIG. 98, are received by the communication section 4021and transferred to the response section 4022 (step S4026).

The response section 4022 decodes the [KP] KN using a decoding key KN′corresponding to the verification key number N, which has beenpreviously generated, to obtain the master key KP (step S4027).

The license information generated by the response section 4022 isencrypted by an encryption section 4025 using the master key KP([license information] KP is generated). The [license information] KP istransmitted to the license update device through the communicationsection 4021 (steps S4028 and S4029).

The response section 4022 records, in an update record database (DB)4026, the license update history information in correspondence with theupdate terminal ID received in step S4021 (step S4030).

(3) Information Distribution System in which License is Updated UsingElectronic Banking from User Terminal

FIG. 103 shows an example of a system configuration comprising a userterminal, a license server 4101, and an electronic banking device 4102,which is used to update the license using electronic banking. The userterminal performs accounting processing using electronic banking througha network.

The user terminal has at least a license update device 4103 and may beconstituted by, e.g., a personal computer in which the decoding decisioncard 3001 and a removable information storage medium 4031 are inserted.

FIG. 104 shows an arrangement of the license update device 4103incorporated in the user terminal. A control section 4044 constitutedby, e.g., a CPU controls a communication section 4041, a removableinformation recording medium IF 4042, a decoding decision card IF 4043,a display section 4045, and an input section 4046 to execute processingof updating the license.

FIG. 105 shows an arrangement of the license server 4101 in which acontrol section 4053 controls a communication section 4051, a decodersection 4052, an accounting reference number issue section 4054, anaccounting processing section 4055, and a license information generationsection 4056 to execute processing of updating the license.

FIG. 106 is a flow chart showing the processing operation of the entiresystem shown in FIG. 103 when license information is encrypted using amaster key (e.g., one of Km(0) to Km(999)) common to all licensedecision cards (i.e., all user terminals).

The processing operations of various portions of the license updatedevice 4103 and the license server 4101 will be described with referenceto the flow chart shown in FIG. 106.

Note that contents information and license information are recorded onthe medium 4031, and the license information contains a licensecondition for deciding the use enable/disable of the contentsinformation, a contents ID, and other information.

The removable information recording medium interface (IF) 4042 of thelicense update device 4103 reads license information from the medium setin the user terminal and outputs it to the decoding decision card 3001through the decoding decision card interface (IF) 4043 (step S4041).

The decoding decision card 3001 performs predetermined processing (e.g.,the processing operation of the decoder unit A described in the secondembodiment) on the basis of the input license information. As a result,when the license is to be updated, the decoding decision card 3001outputs license update information (e.g., for the decoder unit A, theupdated information as shown in FIG. 56).

The decoding decision card IF 4043 reads the license server ID from thedecoding decision card 3001 (step S4042). The license server ID may becontained in the updated information.

The license server ID is identification information for specifying thelicense server.

The license update device 4103 accesses the license server specified bythe license server ID through the communication section 4041 andtransmits the updated information for updating the license information(step S4043).

Upon receiving the updated information transmitted from the licenseupdate device 4103, the communication section 4051 of the license server4101 searches an accounting database (DB) 4058 on the basis of thecontents ID contained in the updated information to read out at leastthe accounting menu (the request key type information, the verificationkey number N, and the like, as needed). The accounting reference numberissue section 4054 issues an accounting reference number. At least theaccounting menu and the accounting reference number (to be referred toas a data group A hereinafter, as needed) are transmitted to the licenseupdate device 4103 through the communication section 4051 (step S4044).

The accounting reference number issued from the license server is anumber appropriately assigned to each transaction by the license server.The accounting reference number is used to confirm accounting, as willbe described later.

The license server normally processes license update requests from aplurality of users, i.e., license update devices. Therefore, the lineconnection time is preferably made as short as possible. For thispurpose, the license update device appropriately disconnects the line tothe license server. For example, for the communication section 4041 ofthe license update device, a response wait time Tw from the licenseserver is set in advance. If no response comes from the license serverwithin this wait time, the line may be disconnected. To discriminatelicense update requests from the plurality of license update devices,the license server must manage license information on the basis ofaccounting reference numbers.

Upon receiving the data group A, the license update device 4103 presentsthe accounting menu on the display section 4045 (step S4045). When theuser selects the identification number of a desired valid period (stepS4046), the communication section 4041 of the license update device 4103accesses the electronic banking device 4102 to send at least theaccounting reference number, the license server ID, the identificationnumber of the selected valid period, and a fee claim corresponding tothe valid period (step S4047).

The electronic banking device 4102 performs predetermined paymentprocessing in accordance with the request from the user. If processingis successful, the identification number of the valid period, thesettlement amount, and the accounting reference number are transmitted,as a payment certificate, to the license server 4101 designated by thelicense server ID, so the license server is notified of the success ofpayment processing. The identification number of the valid period, thesettlement amount, and the accounting reference number are alsotransmitted to the license update device 4103 of the fee claiming sourceas a payment certificate (steps S4048 to S4050). Upon receiving thesettlement amount and accounting reference number, the license updatedevice 4103 accesses the license server specified by the license serverID and transmits at least the identification number of the valid periodselected in step S4046, the settlement amount, and the accountingreference number as a payment certificate (step S4051).

The payment certificate transmitted from the electronic banking device4102 and the payment certificate transmitted from the license updatedevice 4103, which are received by the communication section 4051 of thelicense server 4101, are recorded in an accounting processing database(DB) 4057 in correspondence with the accounting reference number.

The accounting processing DB 4057 stores the following information incorrespondence with each accounting reference number.

ID of the license update terminal

Contents key

Payment certificate from the electronic banking device (theidentification number of the valid period, the settlement amount, andthe accounting reference number)

Payment certificate from the license update device (the identificationnumber of the valid period, the settlement amount, and the accountingreference number)

Upon receiving the payment certificates from the electronic bankingdevice 4102 and the license update device 4103, the license server 4101records them in the accounting processing DB 4057. The accountingprocessing section 4055 confirms whether the settlement amounts andidentification numbers in the two payment certificates match (stepS4052). Only if YES in step S4052, it can be decided that appropriatepayment has been performed. Simultaneously with this payment certificateconfirmation processing, the license information generation section 4056of the license server 4101 changes at least the license condition andthe contents ID in the license information (updates the licenseinformation) on the basis of the license updated information transmittedfrom the license update device 4103 in step S4043 and the contents keycorresponding to the contents ID retrieved from the contents informationDB 4024.

For example, the license information contains the following information.

Contents ID

Contents key for decoding encrypted contents information

License information generation time

Update server ID

Accounting reference number

The update server ID is identification information for specifying thelicense server which has updated the license. With the update server ID,the server which has performed update can be specified from the licenseinformation, as needed.

When it is confirmed in step S4053 that appropriate payment has beenperformed, the license server 4101 transmits the updated licenseinformation to the license update device 4103 as the license updatesource through the communication section 4051 (step S4054).

Upon receiving the updated license information, the license updatedevice 4103 records the updated license information on the medium 4031through the removable information recording medium IF 4042 (step S4055).

As has been described above, according to the information recordingapparatus, the information reproducing apparatus, and the accountingapparatus of the present invention, quick and easy distribution of adigitized work distributed through a network or recording medium isallowed and, a fair digital information usage environment assumingprotection by copyright based on charging for the use of digitalinformation can be easily constructed.

(Fourth Embodiment)

FIG. 107 shows an entire arrangement of an information reproductionsystem according to the fourth embodiment. This system is used by theuser in the information distribution system as shown in FIG. 53, 75, or76 or FIG. 122 to be described later. Contents information is recordedon a recording medium (information medium) such as a DVD-RAM or DVD-ROM.A right for using (reproducing and watching) the contents informationunder a predetermined condition is called a license. The user obtainslicense information by purchasing the license. The license informationfor allowing reproduction of the contents information may be recorded onthe recording medium together with the contents information.Alternatively, the license information may be separately recorded onanother recording medium or, e.g., an IC card having a memory and anarithmetic function, read out independently of the contents information,and input to the information reproducing apparatus shown in FIG. 107.This license information may be distributed through broadcasting or theInternet.

Referring to FIG. 107, the information reproduction system comprises aninformation media driver 7001 for reading encrypted contentsinformation, i.e., mainly digital contents from an information mediumsuch as a DVD-ROM or DVD-RAM, an information reproduction device 7000for checking on the basis of license information corresponding to theencrypted contents whether the license is valid, and if the license isvalid, outputting a contents decoding key for the use of the contentsinformation, and an information usage device 7002 such as a DVD playeror a video reproduction device for decoding the encrypted contents usingthe decoding key output from the information media driver 7001 andreproducing the contents information.

Assume that the digital contents are encrypted in advance in order toproperly collect the license fee. FIG. 113 shows a structure of contentsinformation to be used in this embodiment. The contents information isconstituted by an encrypted portion and an unencrypted portion.Encrypted contents are recorded in the encrypted portion, and a contentsID is recorded in the unencrypted portion. The contents ID is used tolink the contents with the license information.

FIG. 114 shows a structure of license information. The licenseinformation contains a decoding key (to be referred to as a contentsdecoding key hereinafter) for decoding the encrypted contents, a licensecondition such as an expiration date, the ID of the contents, andlicense authentication information.

The license authentication information is a code which is defined inadvance to check whether the encrypted license information has beenproperly decoded. For example, a 4-byte code is represented by ahexadecimal number such as “a5fe478e160e325f”. This information must bedefined among a license generation device, a license update device, anda license decision unit in advance.

The entire license information is encrypted using a predetermineddecoding key. The license information is decoded using a secret key heldin a license decision unit 7008 in the information reproduction device7000, and the license condition is checked on the basis of the decodedlicense information. The license condition is, e.g., an expiration dateand a use count. When the expiration date is employed as the licensecondition, watching is disabled after the expiration date. Even whenboth contents and license information required to decode the contentsare illicitly copied, the contents information cannot be used after theexpiration date, so distribution of pirated editions substantiallybecomes meaningless.

However, when the expiration date is determined, the clock for countingthe current time (time will mean the date and time hereinafter) to checkthe expiration date must be strictly managed, and otherwise, theexpiration date itself also becomes meaningless. For example, assumethat license information with an expiration date on December 22. isacquired on December 15. as a license for one week. In this case, if theclock to be referred to by the license decision unit 7008 indicates June10, the license is valid for a half year. Especially, when the clock canbe adjusted by the user, the clock may be adjusted to the user'sadvantage, and the above situation is likely to occur.

In this embodiment, an information reproducing apparatus capable ofsolving the above problem and providing a framework for causing the userto keep the expiration date even when the clock is adjusted to theuser's advantage will be described. The decoding key of licenseinformation is generated using a predetermined algorithm at apredetermined period and replaced with the old decoding key. In thelicense generation device or license update device as well, acorresponding encryption key of license information is generated at thesame timing. If the clock time is largely shifted from that in thelicense generation device or license update device, newly acquiredlicense information cannot be decoded. At least to watch new contents,the clock time must be correctly adjusted. As described above, thisembodiment has as its gist to change the decoding key of licenseinformation to indirectly adjust the clock to the correct state. In FIG.107, a clock 7008 h (FIG. 108) for counting the current time isincorporated in the license decision unit 7008 (in this case, when thelicense decision unit 7008 is constituted by, e.g., one IC chip,protection can be easily realized on the hardware side to prevent theuser from adjusting the time). However, the count time of the clock 7008h may be adjusted by the user.

The processing operation of the information reproducing apparatus shownin FIG. 107 and that of the license decision unit 7008 having anarrangement shown in FIG. 108 will be described next with reference tothe flow charts shown in FIGS. 109 and 110.

Contents information as in FIG. 113, which is read from the informationmedia driver 7001, is separated into a contents ID and encryptedcontents by a data separation section 7007 (steps S7001 and S7002). Theencrypted contents are sent to the information usage device 7002 (stepS7003), so the contents decoding key to be output from the licensedecision unit 7008 is waited for.

On the other hand, the contents ID is sent to a license informationretrieval section 7006. The license information retrieval section 7006searches a license information database (DB) 7004 for licenseinformation having the contents ID (step S7004).

In license information stored in the license information DB 7004, anunencrypted portion containing at least a contents ID is added toencrypted license information, as shown in FIG. 115, so licenseinformation corresponding to the contents can be retrieved on the basisof the contents ID. The retrieved license information is sent to thelicense decision unit 7008 (steps S7005 and S7006).

FIG. 108 shows an arrangement of the license decision unit 7008. Thelicense information retrieved by the license information retrievalsection 7006 is input to a license information input section 7008 a andtransferred to a decoder section 7008 b.

The decoder section 7008 b decodes the license information using thelicense information decoding key stored in a decoding key storagesection 7008 e (steps S7007 and S7008).

The decoded license information is sent to a license informationmatching confirmation section 7008 c so it is confirmed using licenseauthentication information whether the license information has beencorrectly decoded (step S7009). After the license information isdecoded, it is checked whether the license authentication information ispresent at a predetermined position in the license information. If thelicense authentication information is at a predetermined position, it isdecided that the license information has been correctly decoded. Ifdecoding has been made using an appropriate decoding key, this codenormally becomes random. If it is decided that the license informationhas not been correctly decoded, the license information retrievalsection 7006 is requested to retrieve the next candidate of licenseinformation. The license information retrieval section 7006 searches thelicense information DB 7004, extracts the next license informationhaving the contents ID, and sends it to the license decision unit 7008.If the license information retrieval section 7006 cannot retrieve thenext candidate of license information, the flow advances to step S7021in FIG. 110 to request to display, on a display section 7011, a message,e.g., “license information is invalid, or time of the reference clock iswrong. Current time of the reference clock is YYYY, HH:MM. Pleaseconfirm time and update the license” (step S7021 in FIG. 110). The userconfirms the current time, and if the time is largely shifted, correctsthe time.

A decoding key generation section 7008 f generates a new key at apredetermined period together with the license update device and licensegeneration device and stores the key in the decoding key storage section7008 e. If the clock 7008 h in the license decision unit 7008 indicatestime largely shifted from the actual time, the decoding key generated bythe license decision unit 7008 does not match the encryption keygenerated by the license update device or license generation device, soeven license information with a valid license condition cannot bedecoded. For this reason, the message as described above need bedisplayed to prompt the user to confirm the time of the clock 7008 h.After this, the license may be updated in response to the request fromthe user.

In step S7010 in FIG. 109, if the license information matchingconfirmation section 7008 c decides that the license information hasbeen correctly decoded, the license information is sent to a licensecondition decision section 7008 d to decide the license condition. Theexpiration date is used as the license condition. To decide the licensecondition, the time of the clock 7008 h in or, as needed, outside thelicense decision unit 7008 is referred to through a clock referencesection 7008 g to decide whether the time is before the expiration date(step S7011). If it is decided that the license condition is satisfied(step S7012), the contents decoding key is output to the informationusage device 7002 (step S7013). The information usage device 7002decodes encrypted contents, which have been separately sent, using thedecoding key, and reproduces and uses the contents information (stepS7014).

In step S7012, if the license condition is not satisfied, its messageand at least the license information are transferred to the licenseinformation retrieval section 7006. The flow advances to step S7021 inFIG. 10, and the license may be updated in response to a request fromthe user.

The license is updated following a procedure to be described later indetail. License update information containing at least a contents ID anda desired license condition, as shown in FIG. 116, is generated througha license update directing section 7005, a desired license conditioninput section 7010, and the display section 7011 shown in FIG. 107. Thegenerated license update information is sent to the license updatedevice through a predetermined network such as the Internet to updatethe license.

FIG. 110 is a flow chart of license information update processing. InFIG. 110, after a message “license information is invalid, or time ofthe reference clock is wrong. Current time of the reference clock isYYYY, HH:MM. Please confirm time and update the license” is displayed onthe display section 7011 (step S7021), the license update directingsection 7005 having an appropriate interface with which the user inputsat least an instruction whether the license is to be updated is started.Assume that (after the time of the clock 7008 h is confirmed), the userhas input an instruction through the interface to update the license.The license update directing section 7005 sends the instruction to thelicense information retrieval section 7006. The license informationretrieval section 7006 sends the contents ID to a license update section7009 (steps S7022 to S7024).

The license update section 7009 starts the desired license conditioninput section 7010, generates license update information as shown inFIG. 116 using the desired license condition input through theappropriate interface of the desired license condition input section7010 and the contents ID sent from the license information retrievalsection 7006 (steps S7025 to S7027), and sends the license updateinformation to the license information update device through apredetermined network.

In step S7024, if the user does not want to update the license (i.e.,the user inputs an instruction through the license update directingsection 7005 not to update the license), the license informationretrieval section 7006 erases the contents ID, and processing is ended.

The updated license information is input to a license storage section7003 through an IC card or a predetermined network such as the Internet,converted into a data format shown in FIG. 115, and stored in thelicense information DB (database) 7004, as shown in FIG. 111.

If the license decision unit 7008 decides that the license is invalid(step S7005, S7010, or S7012 in FIG. 109), processing may be immediatelyended (reproduction may be stopped). In this case, the license updatedirecting section 7005, the display section 7011, the license updatesection 7009, and the desired license condition input section 7010 canbe omitted. The function of communicating with the license update devicecan also be omitted, and the arrangement is simplified. To update thelicense, the user with, e.g., an IC card goes to an agency which updatesthe license and pays a predetermined fee to cause the agency to writenew license information with an updated license condition and the likein the IC card. The user brings the IC card back and inserts it into theinformation reproducing apparatus shown in FIG. 107 to load the updatedlicense information and store it in the license information DB 7004through the license storage section 7003.

License information decoding key generation processing will be describednext with reference to the flow chart shown in FIG. 112.

The decoding key generation section 7008 f in the license decision unit7008 refers to the clock 7008 h through the clock reference section 7008g and starts to generate a decoding key at predetermined time (stepsS7041 and S7042). The generated decoding key is stored in the decodingkey storage section 7008 e (steps S7043 and S7044). The decoding keymust be generated in synchronism with the license generation device andlicense update device. For example, the decoding key is updated, e.g.,once a week at predetermined time such as 15:00 on Monday. As isapparent from the gist of this embodiment, the same key as that in thelicense generation device or license update device must be generated.For this purpose, the key can be generated using a random numbergenerator using time as a seed. When the key is to be updated on Dec.15, 1997, the number “19971215” is used as a seed, and the output fromthe random number generator incorporated in, e.g., the decoding keygeneration section 7008 f may be used as the decoding key. The licensegeneration device and license update device also generate the licenseinformation encryption key by the same scheme, as a matter of course.

A method of generating a common key in the common key scheme has beendescribed above. The license decision unit 7008 sometimes employs apublic key cipher. In this case, as in the key generation section 2006of the above-described decoder unit A, a key generation algorithm of,e.g., RSA cipher can be used to generate the decoding key (secret key).

With this arrangement, a mechanism for changing the decoding key on boththe license generation device or license update device side and thelicense decision unit 7008 side at a predetermined period can berealized. Even when the user illicitly alters the clock 7008 h in theinformation reproducing apparatus including the license decision unit7008, newly acquired license information cannot be decoded, so illicitalteration of the clock can be prevented in many cases.

Whether the clock 7008 h can be altered by the user is not a seriousproblem because of this characteristic feature. In the key generationprocess, the key generation start instruction need not always be issuedfrom the decoding key generation section 7008 f itself. The clockreference section 7008 g or clock 7008 h may issue the instruction. Inthis case, key generation can be performed at more accurate time thanthat in key generation directed by the decoding key generation section7008 f.

In this embodiment, a license corresponding to a piece of contentsinformation is retrieved, and then the validity is decided (theexpiration date is checked). If the expiration date is valid, thedecoding key is output. However, if the expiration date is invalid, amessage representing that the license has expired or the reference clockis wrong is displayed without retrieving another license information.This is because it is tacitly assumed that only a piece of licenseinformation corresponds to the contents. However, if a license for twoweeks is to be purchased/sold, the license information may be separatedin units of weeks. In some cases, licenses with not a period limitationbut a count limitation are sold, and these licenses may be present withrespect to the same contents. In such a case, all existing licenseinformation can be retrieved, and the most advantageous license for theuser may be used.

For example, the license with a period limitation is preferred over thelicense with a count limitation. While the license with the periodlimitation is valid, the user need not use the license with the countlimitation. In this case, the license information stored in the licenseinformation DB 7004 preferably contains, in the unencrypted portion, notonly the contents ID but also information for identifying the licensewith a period limitation or the license with a count limitation, asshown in FIG. 117.

The priority order in selecting the license may be designated by theuser himself/herself. For example, the license information retrievalsection 7006 may displays, on the display section 7011, a menu window tocause the user to select the license with a period limitation or thelicense with a count limitation.

Once the license information with priority has been retrieved, thelicense information retrieval section 7006 may end retrieval at thattime point without retrieving all license information.

FIG. 118 shows another arrangement of the information reproductiondevice 7000 shown in FIG. 107. Contents information is recorded on arecording medium (information medium) such as a DVD-ROM or DVD-RAM, andlicense information is distributed through broadcasting.

As the characteristic feature of the information reproducing apparatusshown in FIG. 118, the decoding key of encrypted license information tobe distributed by broadcasting is generated on the basis of a seedcontained in the broadcasting wave. As a result, the decoding key can begenerated without using the clock 7008 h.

The same reference numerals as in FIG. 107 denote the same parts in FIG.118, and only different portions will be described. In the arrangementshown in FIG. 118, encrypted license information is sent by abroadcasting wave, and the broadcasting wave includes seed informationfor generating the decoding key of the encrypted license information.Therefore, the information reproducing apparatus has a licenseinformation receiving section 8001 for receiving the broadcasting waveand converting it into a digital signal, and a license separationsection 8002 for separating the encrypted license information and seedinformation from the received broadcasting wave. A license decision unit8009 generates the decoding key on the basis of the seed informationsent together with the broadcasting wave.

FIG. 121 shows an example of the data structure of the broadcasting wavereceived by the license information receiving section 8001.Identification information with a fixed length is added to the start ofeach of the license information and seed information to discriminate thelicense information from the seed information.

FIG. 119 shows an arrangement of the license decision unit 8009. Thesame reference numerals as in FIG. 108 denote the same parts in FIG.119, and only different portions will be described. The license decisionunit 8009 further comprises a decoding key generation seed input section8009 g to which seed information output from the license separationsection 8002 is input. A decoding key generation section 8009 fgenerates a decoding key from the seed information.

An operation from separation of encrypted license information and seedinformation from a received broadcasting wave to decoding key generationwill be described next with reference to the flow chart shown in FIG.120.

Upon receiving a broadcasting wave and obtaining received data as shownin FIG. 121, the license information receiving section 8001 temporarilysends the received data to the license separation section 8002 toseparate it into license information and seed information usingidentification information (steps S8001 and S8002).

If the received data is license information, the license information issent to the license storage section 7003 (steps S8003 and S8004). Thelicense storage section 7003 adds a contents ID to the licenseinformation, as shown in FIG. 115, and stores it in the licenseinformation DB 7004. If the received data is seed information, the seedinformation is sent to the license decision unit (step S8005). Thelicense decision unit receives the seed information by the decoding keygeneration seed input section 8009 g and sends it to the decoding keygeneration section 8009 f to generate a new decoding key (step S8006).The decoding key generation section 8009 f may generate the decoding keyfrom the seed information using the common key scheme or public keyscheme, as in the fourth embodiment. The generated decoding key isstored in a decoding key storage section 8009 e.

License decision or license update processing is the same as in FIGS.109 and 110.

When license information is distributed by broadcasting, and the licenseis sent to all information reproducing apparatuses (receptionterminals), watching is allowed to all people having reception terminalsin the same specifications, and the license is managed in no way. Thelicense information need be supplied in units of reception terminals. Areception terminal ID is inserted into the license information, andreception terminals except a reception terminal having the receptionterminal ID must be prevented from receiving the license information.For this purpose, the reception terminal preferably has identificationinformation (reception terminal ID) for identifying the receptionterminal in the license information identification informationdistributed by broadcasting such that only license information addressedto the reception terminal can be selectively received. The receptionterminal ID in the license information identification information iscalled an effective terminal ID.

Each reception terminal, i.e., the license separation section 8002 ofthe information reproducing apparatus as shown in FIG. 118 has a uniquereception terminal ID in advance. Before license information isseparated from the received data as shown in FIG. 121, the effectiveterminal ID contained in the license information identificationinformation is compared with the self reception terminal ID. Only whenthe IDs match, the license information is received. Alternatively, alllicense information may be temporarily stored in a predetermined memory,the effective terminal ID in the license information identificationinformation stored in the memory may be compared with the receptionterminal ID, and unnecessary license information may be erased from thememory.

The information reproduction device 7000 shown in FIG. 107 or 118 can beconstituted using a hardware resource as standard equipment of ageneral-purpose computer.

License information decoding key generation processing described in thisembodiment can also be applied to the key generation section 2006 of thedecoder unit A or C described in the second embodiment.

When the license information contains license authentication informationas described in this embodiment, processing of the license informationmatching confirmation section 7008 c, i.e., processing of confirmingusing the license authentication information whether the licenseinformation has been correctly decoded can also be performed in thedecision section 2003 of each of the decoder units A to D described inthe second embodiment. The decision section 2003 of each of the decoderunits A to D can collate the license authentication information, andafter it is decided that the license information has been correctlydecoded, predetermined license decision can be made.

As described above, according to the fourth embodiment, key informationfor decoding license information is generated at a predetermined periodin the license decision unit 7008. With this arrangement, theinformation security for license information containing the contentsinformation license condition or contents information decoding key canbe improved.

The decoded license information contains license authenticationinformation for deciding the decoding result. Therefore, even when manydecoding keys of license information are generated along with the elapseof time, it can be easily decided whether the license information hasbeen correctly decoded using a proper one of the decoding keys.

Since the decoding key of license information is generated in thelicense decision unit 8009 on the basis of seed information distributedto the information reproducing apparatus by broadcasting, the decodingkey can be easily updated.

(Fifth Embodiment)

FIG. 122 shows an arrangement of an information distribution systemaccording to the fifth embodiment. Encrypted contents information as anaccounting object is recorded on a removable information storage medium(to be simply referred to as a disk hereinafter) D such as a DVD inadvance. This embodiment provides a rental service in which a licensefor allowing reproduction of the contents information recorded on thedisk D is sold, and the disk D is rented. In this case, the licensemeans the right of using (reproducing and watching) contents informationto be rented under a predetermined condition. More specifically, licenseinformation for allowing the user to reproduce contents information onlywithin a limited period a limited number of times is sold to the user,thereby granting the user the license.

License information for enabling reproduction of contents information isrecorded on a card type recording medium (to be simply referred to as acard hereinafter) P such as an IC card having a calculation function andsupplied to the user.

Each shop for providing the rental disk D has a license issuing device5003. The license issuing device 5003 is connected to a center through apredetermined communication line to form a network. When the usersubscribed to the service of the information distribution system asshown in FIG. 122 goes to an arbitrary shop on the network to rent thedisk D having desired contents information, the user undergoes apredetermined procedure such as fee payment for the contents licensecondition such as a contents information watching period first. Thelicense issuing device 5003 generates license information on the basisof disk information containing the disk key and license condition of thedisk D, which is sent from the center, and records the licenseinformation on the card P.

The user takes the disk D and the card P home, inserts the card P into acard adapter 5004 adapted to the information distribution system, andsets the disk D in a player 5005. As far as the license conditioncontained in the license information is satisfied (e.g., within thewatching period), the contents information can be reproduced.

FIG. 123 shows an example of data recorded on the rental disk D in theshop. As shown in FIG. 123, the disk D has a disk ID, one or a pluralityof pieces of (e.g., two pieces of) encrypted contents information, andencrypted contents keys corresponding to the pieces of contentsinformation, respectively, which are used to decode the contentsinformation.

The pieces of contents information recorded on one disk are encryptedusing contents key corresponding to the pieces of contents information.The contents key is encrypted using a predetermined disk key in the diskID of the disk. As a characteristic feature, the disk key is notrecorded on the disk.

The disk ID is identification information for identifying the disk. Thedisk ID may be uniquely defined for each disk or common to disks storingcontents information of the same title. Alternatively, disksmanufactured in a factory in a certain day may have a common disk ID.

A disk key (the disk key is not recorded on the disk) capable ofdecoding the encrypted contents key recorded on the disk is uniquelydetermined, but not vice versa. Even when a disk key is available todecode a contents key, the disk IDs are not always identical.

The rental disk D does not have the disk key, as shown in FIG. 123. Torent the disk D, a disk key necessary for decoding the contents storedin the disk D must be distributed to the user.

When the disk D is to be rented, a license creation device 5001 in thecenter generates disk information containing a disk key corresponding tothe disk D. The disk key is stored in a contents DB 5002 in the centerin correspondence with the disk ID in advance, as shown in FIG. 124.

The present invention is to provide a safe disk key distribution scheme.

FIG. 125 schematically shows the disk key distribution scheme in theinformation distribution system shown in FIG. 122. Roughly, a key (diskkey) distribution device is constituted by the license creation device5001 and the license issuing device 5003, and an information usagedevice for using (e.g., reproducing) the contents information using thekey (disk key) distributed from the key distribution device isconstituted by the card adapter 5004 and the player 5005.

The disk key is encrypted using an encryption key ke together with thedisk ID and contents license condition before the disk key is sent fromthe license creation device 5001 to the card adapter 5004. Morespecifically, the license creation device 5001 generates diskinformation containing the disk key, the disk ID, and the licensecondition, encrypts the disk information using the encryption key ke,and distributes the disk information. By decoding the disk informationby the card adapter 5004 which holds a decoding key kd in advance, therisk of disk key decoding midway along the distribution route by tappingor the like can be lowered.

The license creation device 5001 and the license issuing device 5003which constitute the key distribution device sometimes independentlybelong to different parties having interests. In this case, to adjustthe interests (to prevent the disk information from being illicitlyacquired during the process of distributing it from the license creationdevice 5001 to the license issuing device 5003), the license creationdevice 5001 preferably encrypts the disk information and thendistributes it to the license issuing device 5003.

The encrypted disk information containing the disk key reaches the cardadapter 5004 through the license issuing device 5003 and the card P. Toprotect the disk information on this distribution route, the encrypteddisk information is further encrypted and distributed from the licenseissuing device 5003 to the card adapter 5004.

For example, as shown in FIG. 125, the license issuing device 5003 addsanother information to the disk information encrypted using theencryption key ke and distributed from the license creation device 5001to generate license information, encrypts the license information usinga common key wl2, and writes the license information in the card P.

The common key wl2 is generated on the basis of publishable information(public parameters) which is exchanged between the card adapter 5004 andthe license issuing device 5003 through the card P and secret parametersheld in the card adapter 5004 and the license issuing device 5003, as inthe DH (Diffie-Hellman) key distribution scheme. The public parametersare generated from the secret parameters held in the card adapter 5004and the license issuing device 5003. A tapper who knows only the publicparameters cannot generate the common key wl2.

Only the card adapter 5004 which has exchanged the public parameterswith the license issuing device 5003 can decode the disk informationencrypted by the common key wl2.

The card adapter 5004 generates the common key wl2 from the publicparameters distributed from the license issuing device 5003 through thecard P and the secret parameters held in the card adapter 5004 itselfand decodes the encrypted license information distributed from thelicense issuing device 5003 through the card P using the common key,thereby obtaining the encrypted disk information. This encrypted diskinformation is decoded using the decoding key kd, and the licensecondition is checked to decide whether reproduction is allowed. If it isdecided that reproduction is allowed, the disk key contained in the diskinformation is transferred to the player 5005.

If the path between the card adapter 5004 and the player 5005 is anunsafe communication path where tapping is likely to occur, the disk keyis also preferably encrypted and distributed. As in, e.g., the DH keydistribution scheme, the disk key is encrypted by the card adapter 5004using a common key wd2 generated from public parameters exchangedbetween the card adapter 5004 and the player 5005 and secret parametersheld in the card adapter 5004 and the player 5005 and then distributedto the player 5005.

When the disk key is to be encrypted by the license creation device5001, the disk ID and contents license condition are added to generatedisk information, and then, the disk information is encrypted. When thedisk information is to be encrypted by the license issuing device 5003,identification information (KID) of the card P, identificationinformation (AID) of the card adapter 5004, and the like are added togenerate license information, and then, the license information isencrypted. The license information may also contain license informationgeneration time.

For the card adapter 5004 and the card P, the respective pieces ofidentification information are preferably protected to prevent them frombeing externally read or corrected.

When the identification information (KID) of the card P and theidentification information (AID) of the card adapter 5004 are to beinserted into the license information, the license issuing device 5003must acquire the pieces of identification information KID and AID beforegeneration of the license information.

When the identification information KID of the card P is to bedistributed from the card P to the license issuing device 5003, theidentification information KID is preferably encrypted and thendistributed. For example, as in the DH key distribution scheme, theidentification information KID is encrypted in the card P using a commonkey wk generated from public parameters exchanged between the licenseissuing device 5003 and the card P and secret parameters held in thelicense issuing device 5003 and the card P and distributed to thelicense issuing device 5003.

When the identification information AID of the card adapter 5004 is tobe distributed from the card adapter 5004 to the license issuing device5003 (through the card P), the identification information AID ispreferably encrypted and then distributed. For example, as in the DH keydistribution scheme, the identification information AID is encrypted inthe card adapter 5004 using a common key wl1 generated from publicparameters exchanged between the license issuing device 5003 and thecard adapter 5004 and secret parameters held in the license issuingdevice 5003 and the card adapter 5004 and distributed to the licenseissuing device 5003.

When the license information contains the identification information(KID) of the card P and the identification information (AID) of the cardadapter 5004, the card adapter 5004 can collate the identificationinformation AID of the card adapter 5004 itself with the identificationinformation KID of the card P which is being inserted into the cardadapter 5004 before it is decided on the basis of the licenseinformation whether reproduction is enabled, so the information securitycan be further improved.

As shown in FIG. 125, to safely distribute the disk key from the licensecreation device 5001 to the information reproducing apparatus on theuser side, the respective devices on the distribution route hold thefollowing secret information.

The license creation device 5001 holds the encryption key ke forencrypting the disk information, and the card adapter 5004 holds thedecoding key kd for decoding the disk information.

The card adapter 5004 and the license issuing device 5003 share a numberX(l), a key generation algorithm Al(Pl) for generating a given key uponreceiving a corresponding seed, and a sufficiently large prime numberPrl, which are used for mutual authentication and encryption/decoding ofthe license information. These pieces of information are used for mutualauthentication and encryption/decoding of the license information. Inthis case, Pl is a parameter of the algorithm Al, and the card adapter5004 and the license issuing device 5003 share the algorithm Al and theparameter Pl. X(l), Al, Pl, and Prl are stored in the card adapter 5004and the license issuing device 5003 while being protected to preventthese pieces of information from externally being read.

The license issuing device 5003 and the card P share a number X(k), akey generation algorithm Ak(Pk) for generating a given key uponreceiving a corresponding seed, and a sufficiently large prime numberPrk. These pieces of information are used for mutual authentication andencryption/decoding of the identification information KID of the card P.In this case, Pk is a parameter of the algorithm Ak, and the licenseissuing device 5003 and the card P share the algorithm Ak and theparameter Pk. X(k), Ak, Pk, and Prk are stored in the license issuingdevice 5003 and the card P while being protected to prevent these piecesof information from externally being read.

The card adapter 5004 and the card P share the number X(k), the keygeneration algorithm Ak(Pk) for generating a given key upon receiving acorresponding seed, and the sufficiently large prime number Prk. Thesepieces of information are used for mutual authentication andencryption/decoding of the identification information KID of the card P.In this case, Pk is a parameter of the algorithm Ak, and the cardadapter 5004 and the card P share the algorithm Ak and the parameter Pk.X(k), Ak, Pk, and Prk are stored in the card adapter 5004 and the card Pwhile being protected to prevent these pieces of information fromexternally being read.

The card adapter 5004 and the player 5005 share a number X(D), a keygeneration algorithm AD(PD) for generating a given key upon receiving acorresponding seed, and a sufficiently large prime number PrD. Thesepieces of information are used for mutual authentication andencryption/decoding of the disk key. In this case, PD is a parameter ofthe algorithm AD, and the card adapter 5004 and the player 5005 sharethe algorithm AD and the parameter PD. X(D), AD, PD, and PrD are storedin the card adapter 5004 and the player 5005 while being protected toprevent these pieces of information from externally being read.

The player 5005 stores a decoding key KpD, the card P stores a decodingkey KpC, the card adapter 5004 stores a decoding key KpA, and thelicense issuing device 5003 stores a decoding key KpL while protectingthem to prevent them from externally being read. The decoding keys KpD,KpC, KpA, and KpL are public keys of the public key cipher scheme. Thelicense creation device 5001 holds four secret keys KsD, KsA, KsC, andKsL corresponding to these public keys. The public keys and secret keysare used to update the numbers X(l), X(k), and X(D), the parameters Pl,Pk, and PD, and the prime numbers Prl, Prk, and PrD.

As described above, the disk key is subjected to double protection usinga cipher technique and distributed.

FIG. 126 shows an arrangement of the license creation device 5001. Thearrangement and disk information generation processing of the licensecreation device 5001 will be described below with reference to the flowchart shown in FIG. 131.

Disk information is generated every, e.g., 12 hours. For the descriptiveconvenience, a watchable period (valid period) is used as the licensecondition of contents, and disk information which grants a license witha contents watchable period of one week is generated.

Assume that the watchable period starts at 0:00 and 12:00. The licensecreation device 5001 starts to generate disk information, e.g., threehours before that time. That is, generation of disk information startsat 21:00 and 9:00. Generation of disk information for granting a licensewhose watchable period starts at 9:00 will be described. At 9:00, a diskinformation generation instruction is issued from a clock 5001 a to aninformation acquisition section 5001 b (steps S5001 and S5002). Theinformation acquisition section 5001 b transmits current dateinformation (e.g., 9:00, Apr. 2, 1981) received from the clock 5001 a toa valid period generation section 5001 c (step S5003).

The valid period generation section 5001 c returns, to the informationacquisition section 5001 b, the expiration date (e.g., 12:00, Apr. 9,1981) after one week calculated from 12:00 of the day on the basis ofthe date information (step S5004). The information acquisition section5001 b reads out a pair of information, i.e., the disk ID and the diskkey from the contents DB 5002, merges them with the expiration date togenerate disk information, and transfers it to a first encryptionsection 5001 d (step S5005). The disk information contains the disk ID,the disk key, and the expiration date.

The first encryption section 5001 d reads out the encryption key ke froma first encryption key storage section 5001 e and encrypts the diskinformation (step S5006). The encrypted disk information is added withan unencrypted disk key and distributed to the license issuing device5003 through a predetermined network (step S5007).

Processing in steps S5005 to S5007 is repeated, hereby generating diskinformation for all contents IDs registered in the contents DB 5002(step S5008).

The license issuing device 5003 stores the encrypted disk informationreceived from the license creation device 5001 in an internal license DB5003 f (FIG. 127) in correspondence with the disk ID, as shown in FIG.132.

It is important to insert the expiration date into the disk information.Although the license issuing device 5003 is set in the shop and canhardly be attacked, robbery may happen. However, since the diskinformation containing the expiration date does not guarantee apermanent license, the motive for theft of the license issuing device5003 weakens. In addition, to decode the disk information and steal thepermanent license (i.e., acquire the disk key), the decoding key kdstored in the card adapter 5004 and the secret information forencrypting/decoding the disk information must be stolen. However, whenboth the decoding key kd and the secret information are strictlyprotected on the hardware side, such theft is very difficult.

FIG. 127 shows an arrangement of the license issuing device 5003.

The card P is inserted into a card insertion section 5003 a. When a cardinsertion confirmation section 5003 b confirms that the card P isnormally inserted, the card P and the license issuing device 5003 cancommunicate through the card insertion section 5003 a.

A random number generation section 5003k generates random numbers al,cl, and ak to be used to encrypt/decode the ID of the card P (KID), theID of the card adapter 5004 (AID), and license information (Lic).

The secret parameters X(l), Prl, X(k), and Prk are stored in a basestorage section 5003 m in advance.

A power calculation section 5003 j calculates public parameters (firstseed generation information to third seed generation information) fromthe random numbers generated by the random number generation section5003 k and the secret parameters stored in the base storage section 5003m. The power calculation section 5003 j also generates a first seed fromfirst seed generation information transferred from the card P and therandom number ak generated by the random number generation section 5003k. A second seed is also generated from second seed generationinformation transferred from the card adapter 5004 through the card Pand the random number al generated by the random number generationsection 5003 k. A third seed is also generated from the second seedgeneration information transferred from the card adapter 5004 throughthe card P and the random number cl generated by the random numbergeneration section 5003 k.

For example, the second seed generation information X(l)^(al)(mod Prl)is calculated from the random number al and the secret parameters (X(l)and Prl). A power will be represented as “X(l){circumflex over ( )}al”using “{circumflex over ( )}” hereinafter. In addition, “mod” representsthe residue (in this case, the residue obtained by multiplying X(l)^(al)by the prime number Prl). In addition, the first seed generationinformation X(k){circumflex over ( )} ak(mod Prk) is calculated from therandom number ak and the secret parameters (X(k) and Prk).

A common key generation section 5003 l stores the key generationalgorithms Al(Pl) and Ak(Pk) in advance. The algorithm Ak(Pk) is appliedto the first seed to generate a first common key wl1. The algorithmAl(Pl) is applied to the second seed to generate a second common keywl1. The algorithm Al(Pl) is applied to the third seed to generate thethird common key wl2. By applying the algorithms Al(Pl) and Ak(Pk) tothe first to third seeds, the data length of each of the first to thirdseeds can be reduced.

A decoder section 5003 d decodes the encrypted card ID ([KID] wk1) andthe encrypted card adapter ID ([AID] wl1) using the common keys wk1 andwl1 generated by the common key generation section 5003 l.

The disk D for the rental use by the user is inserted into a diskconnection section 5003 g to read the ID (DID) of the disk D.

A card database (DB) 5003 i stores the correspondence between the ID ofthe card P issued to the user and the ID of the corresponding cardadapter 5004.

The license database (DB) 5003 f stores the encrypted disk informationtransferred from the license creation device 5001. As shown in FIG. 132,the encrypted disk information is stored in correspondence with the diskID (DID).

A license generation section 5003 e generates a license for a disk whenthe user is to rent the disk. More specifically, the encrypted diskinformation is retrieved from the license DB 5003 f using the ID (DID)of the disk D, which is read by the disk connection section 5003 g, as akey, the IDs (KID and AID) of the card P and the card adapter 5004 ofthe user are read out from the card DB 5003 i, and the current time isread from a clock 5003 h, thereby generating license informationcontaining the encrypted disk information, the license generation time,and the identification information KID and AID.

The generated license information is encrypted using the common key wl2generated on the basis of the public parameters exchanged with the cardadapter 5004 through the card P.

A control section 5003 c controls the entire license issuing device5003.

FIG. 128 shows an arrangement of the card P.

The card P is connected to the license issuing device 5003 or cardadapter 5004 through a device insertion section 5101. When a deviceinsertion confirmation section 5102 confirms that the card P is normallyinserted into the license issuing device 5003 or card adapter 5004, thecard P and the card adapter 5003 or card adapter 5004 can communicatethrough the device insertion section 5101.

A random number generation section 5107 generates random numbers bk anddk to be used to encrypt/decode the card ID (KID) before the ID (KID) ofthe card P is transferred to the license issuing device 5003 or cardadapter 5004.

A base storage section 5109 stores the secret parameters X(k) and Prk inadvance.

A power calculation section 5106 calculates public parameters (firstseed generation information and fifth seed generation information) fromthe random numbers generated by the random number generation section5107 and the secret parameters stored in the base storage section 5109.The power calculation section 5106 also generates the first seed fromthe first seed generation information transferred from the licenseissuing device 5003 and the random number bk generated by the randomnumber generation section 5107. A fifth seed is also generated from thefifth seed generation information transferred from the card adapter 5004and the random number dk generated by the random number generationsection 5107.

A common key generation section 5108 stores the key generation algorithmAk(Pk) in advance. The algorithm Ak(Pk) is applied to the first seed togenerate the first common key wl1. The algorithm Ak(Pk) is applied tothe fifth seed to generate the fifth common key wl1. By applying the keygeneration algorithm Ak(Pk) to the first and fifth seeds, the datalength of each of the first and fifth seeds can be reduced.

A KID storage section 5105 stores the ID (identification information)for uniquely identifying the card P, i.e., KID in advance.

A KID encryption section 5104 encrypts the KID stored in the KID storagesection 5105 using the common keys wk1 and wk2 generated by the commonkey generation section 5108.

A control section 5103 controls the entire card P.

The card P is inserted into a card insertion section 5004 a. When a cardinsertion confirmation section 5004 b confirms that the card P isnormally inserted, the card P and the card adapter 5004 can communicatethrough the card insertion section 5004 a.

A random number generation section 5004 k generates random numbers bl,aD, ck, and dD to be used to encrypt/decode the ID (AID) of the cardadapter 5004 itself, which is stored in an AID storage section 5004 f inadvance, the license information (Lic), the ID (DID) of the disk D setin the player, the ID (KID) of the card P, and the disk key.

A random number storage section 50041 stores the random numbers bl, aD,and ck generated by the random number generation section 5004 k.

A base storage section 5004 m stores the secret parameters X(l), Prl,X(k), Prk, X(D), and PrD in advance.

A power calculation section 5004 j calculates public parameters (secondseed generation information, fourth seed generation information, fifthseed generation information, and sixth seed generation information) fromthe random numbers generated by the random number generation section5004 k and the secret parameters stored in the base storage section 5004m. The power calculation section 5004 j also generates a second seedfrom the second seed generation information transferred from the licenseissuing device 5003 through the card P and the random number blgenerated by the random number generation section 5004 k. A third seedis also generated from the third seed generation information transferredfrom the license issuing device 5003 through the card P and the randomnumber bl generated by the random number generation section 5004 k. Afourth seed is also generated from the fourth seed generationinformation transferred from the player 5005 and the random number aDgenerated by the random number generation section 5004 k. A fifth seedis also generated from the fifth seed generation information transferredfrom the card P and the random number ck generated by the random numbergeneration section 5004 k. A sixth seed is also generated from the sixthseed generation information transferred from the player 5005 and therandom number dD generated by the random number generation section 5004k.

A common key generation section 5004 i stores the key generationalgorithms Al(Pl), Ak(Pk), and AD(PD) in advance. The algorithm Al(Pl)is applied to the second seed to generate the second common key wl1. Thealgorithm Al(Pl) is applied to the third seed to generate the thirdcommon key wl2. The algorithm AD(PD) is applied to the fourth seed togenerate a fourth common key wD1. The algorithm Ak(Pk) is applied to thefifth seed to generate the fifth common key wk2. The algorithm AD(PD) isapplied to the sixth seed to generate a sixth common key wD2. Byapplying the key generation algorithms Al(Pl), Ak(Pk), and AD(PD) to thesecond to sixth seeds, the data length of each of the second to sixthseeds can be reduced.

An encryption/decoder section 5004 o encrypts the disk key using thecommon key wD2 generated by the common key generation section 5004 i.The encryption/decoder section 5004 o also decodes the encrypted licenseinformation [Lic] wl2, the encrypted disk ID [DID] wD1, and theencrypted card ID [KID] wk2 using the common keys wl2, wD1, and wk2generated by the common key generation section 5004 i.

The AID storage section 5004 f stores the ID (identificationinformation), i.e., AID for uniquely identifying the card adapter 5004in advance.

An AID encryption section 5004 d encrypts the AID stored in the AIDstorage section 5004 f using the common key wl1 generated by the commonkey generation section 5004 i.

A kd storage section 5004 g stores the decoding key kd for decoding thedisk information encrypted using the encryption key ke.

The player 5005 is connected to a player connection section 5004 n tocommunicate with the card adapter 5004.

A license decision section 5004 e decodes the encrypted disk informationcontained in the license information transferred from the licenseissuing device 5003 through the card P using the decoding key kd. Inlicense decision processing (FIGS. 139 and 140), the followingconditions are checked.

Whether the card ID (KID) and card adapter ID (AID) contained in thelicense information match the card ID (KID) of the card P inserted intothe license decision section 5004 e and the card adapter ID (AID) storedin the AID storage section 5004 f, respectively.

Whether the license information generation time is earlier than thecurrent time indicated by a clock 5004 h.

Whether the disk ID (DID) contained in the disk information matches theID of the disk D which is currently being set in the player 5005.

Whether the current time indicated by the clock 5004 h satisfies theexpiration date contained in the disk information.

When the above conditions are satisfied, the license decision section5004 e outputs the disk key contained in the disk information to theplayer 5005. At this time, the disk key is encrypted using the commonkey wD2 generated on the basis of the sixth seed generation informationexchanged with the player 5005 through the player connection section5004 n.

The card adapter 5004 is connected to a card adapter connection section5005 a to communicate with the player 5005.

A random number generation section 5005 i generates random numbers bDand cD to be used to encrypt/decode the disk key and the ID (DID) of thedisk D, which is read from the disk D set in a disk drive 5005 d.

A random number storage section 5005 k stores the random number cDgenerated by the random number generation section 5005 i.

A base storage section 5005 l stores the secret parameters X(D) and PrDin advance.

A power calculation section 5005 h calculates public parameters (fourthseed generation information and sixth seed generation information) fromthe random numbers generated by the random number generation section5005 i and the secret parameters stored in the base storage section 5005l. The power calculation section 5005 h also generates a fourth seedfrom the fourth seed generation information transferred from the cardadapter 5004 and the random number bD generated by the random numbergeneration section 5005 i. A sixth seed is also generated from the sixthseed generation information transferred from the card adapter 5004 andthe random number cD generated by the random number generation section5005 i.

A common key generation section 5005 j stores the key generationalgorithm AD (PD) in advance. The algorithm AD(PD) is applied to thefourth seed to generate the common key wD1. The algorithm AD(PD) isapplied to the sixth seed to generate the common key wD2. By applyingthe key generation algorithm AD(PD) to the fourth and sixth seeds, thedata length of each of the fourth and sixth seeds can be reduced.

The disk D is set in the disk drive 5005 d, and the disk ID (DID), theencrypted contents information, and the encrypted contents key stored inthe disk D are read. The disk ID (DID) is transferred to a DIDencryption section 5005 c, and the encrypted contents information andthe encrypted contents key are transferred to a reproduction section5005 f.

The DID encryption section 5005 c encrypts the disk ID (DID) using thecommon key wD1 generated by the common key generation section 5005 j.

A disk key decoder section 5005 e decodes the encrypted disk key [diskkey] wD2 using the common key wD2 generated by the common key generationsection 5005 j. The decoded disk key is transferred to the reproductionsection 5005 f.

The reproduction section 5005 f decodes the encrypted contents key usingthe disk key, decodes the encrypted contents information using thedecoded contents key, reproduces the contents information, and outputsit to an output section 5005 g.

The disk key distribution procedure in the information distributionsystem shown in FIG. 122 will be sequentially described next withreference to the view shown in FIG. 133 and the flow charts shown inFIGS. 134 to 140 about the subscription to a disk rental service, rentalof a disk, and reproduction of contents.

The subscription to a disk rental service will be described first.

Step x1: The card P issued to the user is inserted into the licenseissuing device 5003. The license issuing device 5003 generates therandom number al. To acquire the ID (AID) of the card adapter 5004, apublic parameter necessary for encrypting the AID, i.e., the second seedgeneration information X(l){circumflex over ( )}al(mod Prl) iscalculated from the random number al and the secret parameters (X(l) andPrl) and transferred to the card P (steps S6001 to S6003 in FIG. 134).

Step x2: The license issuing device 5003 also generates the randomnumber ak. To acquire the ID (KID) of the card P, the first seedgeneration information X(k){circumflex over ( )}ak(mod Prk) iscalculated from the random number ak and the secret parameters (X(k) andPrk) and transferred to the card P (steps S6010 and S6011 in FIG. 135).

Step x3: Upon receiving the first seed generation information, the cardP generates the random number bk. The first seed (X(k){circumflex over ()}ak){circumflex over ( )}bk=X(k){circumflex over ( )}(ak·bk)(mod Prk)is calculated from the random number bk and the first seed generationinformation. The algorithm Ak(Pk) stored in advance is applied to thefirst seed to generate the common key wk1. The ID (KID) of the card P isencrypted using the common key wk1. The KID encrypted using the commonkey wk1 will be represented as [KID] wl1 hereinafter. The first seedgeneration information X(k){circumflex over ( )}bk(mod Prk) necessaryfor decoding [KID] wk1 is calculated from the random number bk and thesecret parameters (X(k) and Prk). The [KID] wk1 and the first seedgeneration information are transferred to the license issuing device5003 (steps S6012 to S6016 in FIG. 135).

The license issuing device 5003 generate the first seed from the firstseed generation information transferred from the card P and thepreviously generated random number ak. The algorithm Ak(Pk) is appliedto the first seed to generate the common key wk1. The [KID] wk1 isdecoded to obtain the ID (KID) of the card P (steps S6017 to S6019).

The ID of the card P acquired in the above manner is stored in the carddatabase (DB) 5003 i in correspondence with the previously generatedrandom number al (step S6021 in FIG. 135). The information stored in thecard DB 5003 i is used later to decode the ID (AID) of the card adapter,which is acquired through the card P. At this time point, the secondseed generation information X(l){circumflex over ( )}al(mod Prl)received from the license issuing device is stored in the card P.

Step x4: The user takes home the card P which has undergone theabove-described processing and inserts the card P into the card adapter5004 at home. The card adapter 5004 reads the second seed generationinformation from the card P. The card adapter 5004 generates the randomnumber bl and calculates the second seed X(l){circumflex over ()}(al·bl)(mod Prl) from the random number bl and the second seedgeneration information. The algorithm Al(Pl) stored in advance isapplied to the second seed to generate the common key wl1. Theidentification information AID of the card adapter 5004 is encryptedusing the common key wl1. The AID encrypted using the common key wl1will be represented as [AID] wl1 hereinafter.

Step x5: The second seed generation information X(l){circumflex over ()}bl(mod Prl) is calculated from the previously generated random numberbl and the secret parameters (X(l) and Prl), and the second seedgeneration information and the [AID] wl1 are transferred to the card P(steps S6004 to S6009 in FIG. 134).

At this time point, the second seed generation information and the [AID]wl1 are stored in the card P. The second seed generation informationX(l){circumflex over ( )}Aal(mod Prl) stored previously may be erasedfrom the card P. The card adapter 5004 stores the random number bl inthe random number storage section 5004 l to decode the licenseinformation later.

To rent a disk, the user goes to, e.g., a member shop of the disk rentalservice (a shop having where the license issuing device 5003 is set),selects a desired disk, and presents the disk and the card P to a clerk.

Steps x6 and x7: The presented card P and disk D are inserted into thelicense issuing device 5003. To acquire the ID (KID) of the card P, thelicense issuing device 5003 obtains the identification information ofthe card P from the card P, as in steps x2 and x3 (step S6001 in FIG.134 and steps S6010 to S6019 in FIG. 135). The random numbers ak and bkgenerated at this time do not always match the random numbers ak and bkin steps x2 and x3, though this poses no problem in acquiring the KID.

Step x8: The card P transfers the second seed generation information and[AID] wl1 to the license issuing device 5003. The license issuing device5003 retrieves the random number al corresponding to the card ID (KID)acquired in step x7 from the card DB 5003 i. If the card P has undergonethe above-described authentic procedure, the random number alcorresponding to the card ID (KID) must be registered in the card DB5003 i. The license issuing device 5003 calculates the second seedX(l){circumflex over ( )}(al·bl)(mod Prl) from the second seedgeneration information transferred from the card P and the retrievedrandom number al and applies the algorithm Al(Pl) to the second seed togenerate the common key wl1. The [AID] wl1 is decoded using the commonkey wl1 to obtain the ID (AID) of the card adapter 5004 (steps S6020 andS6021 in FIG. 135 and steps S6022 to S6026 in FIG. 136).

The license issuing device 5003 stores the identification informationAID of the card adapter 5004in the card DB 5003 i in correspondence withthe identification information of the card P (step S6027 in FIG. 136).

With the above procedure, the license issuing device 5003 can grasp thecombination of the card ID (KID) and the card adapter ID (AID) which aregiven to the user. Even when the user uses a plurality of card adapters,the license issuing device 5003 can grasp IDs of all card adapters ofthe user. In this case, IDs (AIDs) of the plurality of card adapters arestored in the card DB 5003 i in correspondence with one card ID (KID)

Step x9: On the other hand, the license issuing device 5003 acquires theID (DID) of the inserted disk D from the disk and encrypted diskinformation corresponding to the disk ID from the license DB 5003 f.This encrypted disk information is merged with current time acquiredfrom the clock 5003 h as license information generation time.Information (user's card ID (KID) or card adapter ID (AID)) stored inthe card DB 5003 i is also merged, as needed, to generate licenseinformation (Lic). That is,

Lic=encrypted disk information+license information generation time(+AID+KID)

Whether the AID and KID are to be inserted into the license informationLic depends on decision of the shop. Alternatively, the license creationdevice 5001 may decide necessity of AID/KID and record the decisioncontents in the license DB 5003 f in correspondence with the card ID (asadditional information) (in this case, when the additional informationis present, the license issuing device 5003 can merge the AID and KIDwith the license information Lic). Insertion of the AID into the licenseinformation Lic section that the license is limited to a specific cardadapter. In addition, insertion of the KID into the license informationLic section that the license is limited to a specific card (steps S6028to S6030 in FIG. 136).

The license issuing device 5003 generates the random number cl. Sincethe second seed generation information X(l){circumflex over ( )}bl(modPrl) has already been read from the card P, the license issuing device5003 calculates the third seed X(l){circumflex over ( )}(bl·cl)(mod Prl)from the random number cl and the second seed generation information.The algorithm Al(Pl) is applied to the third seed to generate the keywl2, and the license information Lic is encrypted. The licenseinformation Lic encrypted using the common key wl2 will be representedas [Lic] wl2 hereinafter. A public parameter necessary for decoding the[Lic] wl2, i.e., the third seed generation information X(l){circumflexover ( )}cl(mod Prl) is calculated from the random number cl and thesecret parameters (X(l) and Prl). The third seed generation informationand the encrypted license information [Lic] wl2 are transferred to thecard P (steps S6031 to S6035 in FIG. 136).

At this time point, the encrypted license information [Lic] wl2 and thethird seed generation information are stored in the card P. The [AID]wl1 previously stored in the card P may be erased because theinformation has already been transferred to the license issuing device5003.

The user takes home the card P which has undergone the above processingand the disk D and can reproduce the contents using the card adapter5004 and the player 5005 at home.

Step x11: To reproduce the contents, the user inserts the card P intothe card adapter 5004 and sets the disk D in the player 5005. The cardadapter 5004 reads out the encrypted license information [Lic] wl2 andthe third seed generation information from the card P and calculates thethird seed X(l){circumflex over ( )}(bl·cl)(mod Prl) from the third seedgeneration information and the random number bl temporarily stored instep x5. The algorithm Al(Pl) is applied to the third seed to generatethe common key wl2, thereby decoding the encrypted license information[Lic] wl2 (steps S6046 to S6049 in FIG. 138).

Step x12: On the other hand, the player 5005 reads the disk ID (DID)from the set disk D.

Step s13: The card adapter 5004 generates the random number aD. Toacquire the disk ID (DID) of the disk D from the player 5005, the cardadapter 5004 generates a public parameter necessary for decodingencrypting the disk ID (DID), i.e., the fourth seed generationinformation. More specifically, the fourth seed generation informationX(D){circumflex over ( )}aD(mod PrD) is calculated from the randomnumber aD and the secret parameters (X(D) and PrD) and transferred tothe player 5005 (step S6036 and S6037 in FIG. 137).

Step x14: Upon receiving the fourth seed generation information, theplayer 5005 generates the random number bD and calculates the fourthseed X(D){circumflex over ( )}(aD·bD)(mod PrD) from the fourth seedgeneration information and the random number bD. The algorithm AD(PD) isapplied to generate the common key wD1, thereby encrypting the disk ID(DID). The DID encrypted using the common key wD1 will be represented as[DID] wD1 hereinafter. In addition, a public parameter necessary fordecoding the [DID] wD1, i.e., the fourth seed generation informationX(D){circumflex over ( )}bD(mod PrD) is calculated from the randomnumber bD and the secret parameters (X(D) and PrD), and [DID] wD1 andthe fourth seed generation information are transferred to the cardadapter 5004 (steps S6038 to S6042 in FIG. 137).

Upon receiving the fourth seed generation information and [DID] wD1transferred from the player 5005, the card adapter 5004 calculates thefourth seed X(D){circumflex over ( )}(aD·bD)(mod PrD) from the fourthseed generation information and the random number aD. The algorithmAD(PD) is applied to the fourth seed to generate the common key wD1. The[DID] wD1 is decoded to acquire the disk ID (DID) (steps S6043 to S6045in FIG. 137).

The flow advances to step S6050 in FIG. 138 to perform processing ofdeciding on the basis of the license information whether the contentsinformation can be decoded (license decision processing) (FIGS. 139 and140).

If the license information contains the card adapter ID, the cardadapter 5004 compares the card adapter ID (AID) stored in the AIDstorage section 5004 f with that contained in the license information.

Unless the IDs match, the license information is not adapted to the cardadapter 5004, and processing is ended. If the AIDs match, the flowadvances to the next processing (steps S6061 and S6062 in FIG. 139).

Step x15: When the card ID is contained in the license information, toacquire the identification information KID from the card P, the cardadapter 5004 generates the random number ck first and a public parameternecessary for encrypting the card ID (KID) of the card P, i.e., thefifth seed generation information.

More specifically, the fifth seed generation information X(k){circumflexover ( )}ck(mod Prk) is calculated from the random number ck and thesecret parameters (X(k) and Prk) and transferred to the card P (stepsS6063 to S6065 in FIG. 139).

Step x16: Upon receiving the fifth seed generation information, the cardP generates the random number dk and calculates the fifth seedX(k){circumflex over ( )}(ck·dk)(mod Prk) from the fifth seed generationinformation and the random number dk. The algorithm Ak(Pk) is applied tothe fifth seed to generate the key wk2, thereby encrypting the card ID(KID) of the card P. The KID encrypted using the common key wk2 will berepresented as [KID] wk2 hereinafter. In addition, a public parameternecessary for decoding the [KID] wk2, i.e., the fifth seed generationinformation X(k){circumflex over ( )}·dk(mod Prk) is calculated from therandom number dk, and the fifth seed generation information and the[KID] wk2 are transferred to the card adapter 5004 (steps S6066 toS6070).

The card adapter 5004 calculates the fifth seed from the fifth seedgeneration information and the random number dk transferred from thecard P. The algorithm Ak(Pk) is applied to the fifth seed to generatethe key wk2. The [KID] wk2 is decoded to obtain the KID. When the cardID (KID) sent from the card P matches that contained in the licenseinformation, the flow advances to the next processing. Otherwise, it isdecided that the license information stored in the card P is not adaptedto the card P, processing is ended (steps S6071 to S6074).

Step x17: The card adapter 5004 checks the license informationgeneration time contained in the license information. The licenseinformation generation time is represented as T1. The card adapter 5004acquires current time Tc indicated by the clock 5004 h. When Tc £ T1,the current time Tc indicated by the clock 5004 h is delayed. Actually,the time T1 when the license information has been generated must beearlier than the current time Tc. Therefore, when Tc £ T1, the cardadapter 5004 decides that the clock 5004 h is not correct and stopsprocessing. Alternatively, some allowable error range Te (>0) may be setin advance, and when or only when Tc>T1+Te holds, the flow may advanceto the next processing (step S6075 in FIG. 140).

The encrypted disk information contained in the license information isdecoded using the decoding key kd held in advance (step S6076). The diskinformation contains the disk ID (DID), the disk key, and the expirationdate (TL). First, the expiration date TL is compared with the currenttime Tc indicated by the clock 5004 h. If TL<Tc, the license hasexpired, so the card adapter 5004 stops processing. Alternatively, someallowable error range Te' (>0) may be set in advance, and when or onlywhen Tc £ TL+Te′ holds, the flow may advance to the next processing(step S6077).

Finally, the card adapter 5004 compares the disk ID (DID) contained inthe disk information with the disk ID of the disk D, which is acquiredin advance. If the disk IDs do not match, the license information isinformation generated for a disk different from the disk D which iscurrently being set in the player 5005, so the card adapter 5004 stopsprocessing. When the disk IDs match, it is decided that the contentsinformation recorded on the disk D can be reproduced (step S6078).

If it is decided that reproduction is enabled, the card adapter 5004instructs the player 5005 to generate a random number to transfer thedisk key contained in the disk information to the player 5005.

Step x18: Upon receiving the random number generation instruction, theplayer 5005 generates the random number cD, calculates the sixth seedgeneration information X(D){circumflex over ( )}cD(mod PrD) from therandom number cD and the secret parameters (X(D) and PrD), and transfersit to the card adapter 5004 (steps S6051 and S6052 in FIG. 138).

Step x19: Upon receiving the sixth seed generation information, the cardadapter 5004 generates the random number dD. The sixth seedX(D){circumflex over ( )}(cD·dD)(mod PrD) is calculated from the sixthseed generation information and the random number dD. The algorithmAD(PD) is applied to the sixth seed to generate the common key wD2 forencrypting the disk key. The disk key is encrypted using the common keywD2. The disk key encrypted using the common key wD2 will be representedas [disk key] wD2 hereinafter. In addition, a public parameter necessaryfor decoding the [disk key] wD2, i.e., the sixth seed generationinformation X(D){circumflex over ( )}d(mod PrD) is generated from therandom number dD and the secret parameters (X(D) and PrD), and the sixthseed generation information and the [disk key] wD2 are transferred tothe player 5005 (steps S6053 to S6056).

The player 5005 calculates the sixth seed X(D){circumflex over ()}(cD·dD)(mod PrD) from the sixth seed generation information and therandom number cD transferred from the card adapter 5004. The algorithmAD(PD) is applied to the sixth seed to generate the common key wD2,thereby decoding the [disk key] wD2 (step S6057 to S6059).

The player 5005 decodes the encrypted contents key stored in the disk Dusing the disk key, so the encrypted contents information can bedecoded/reproduced using the contents key (step S6060).

The decoding key kd of the encrypted disk information may be stored inthe player 5005. In this case, the player 5005 decodes the encrypteddisk information. Since the clock 5004 h which is referred to to decidethe validity of the license information generation time or expirationdate is incorporated in the card adapter 5004, the expiration datecannot be inserted into the encrypted disk information. Therefore, inthis case, the encrypted disk information transferred from the licensecreation device 5001 to the license issuing device 5003 contains “diskID+disk key” as constituent elements. The expiration date can be mergedwith the encrypted disk information in generating the licenseinformation in step x9, so license information containing the encrypteddisk information, the license information generation time, theexpiration date, and, as needed, the card ID (KID) and the card adapterID (AID), can be generated.

The card adapter 5004 decides the validity of the expiration datewithout decoding the disk information using the decoding key kd.

Storage of the decoding key kd in the player 5005 yields the followingadvantage.

Since the encrypted disk information to be stored in the license issuingdevice 5003 does not contain the expiration date, the disk informationneed not be updated. That is, the license creation device 5001 cangenerate only the encrypted disk information of a newly added rentaldisk and appropriately transfer it to the license issuing device 5003.

Disadvantages are as follows.

Since the encrypted disk information is not updated, the motive forillicit use of the license issuing device 5003 is strengthened.

To protect the decoding key kd in the player 5005, the security of theplayer 5005 must be increased.

The procedure required to the user in the above disk key distributionwill be briefly described.

i) In subscribing to the disk rental service, the user receives issue ofthe card P in the member shop of the disk rental service. The userpurchases or rents the card adapter 5004, as needed.

ii) The user inserts the card P into the card adapter 5004 connected tothe player 5005 at home.

iii) To rent a disk, the user goes to the shop with the card P, selectsa desired rental disk D, and pays for the issue of the license into thecard P.

iv) The user takes the disk D and the card P home, inserts the card Pinto the card adapter 5004, and reproduces the disk D. The disk D can bereproduced any number of times before the expiration date of thelicense.

v) To rent another disk, the user repeats the processes iii) and iv).

It is more advantageous for the user to receive issue of the card P andsimultaneously rent the disk in subscribing to the disk rental service.The procedure required to the user at this time will be brieflydescribed.

i) In subscribing to the disk rental service, the user receives issue ofthe card P in the member shop of the disk rental service. The userpurchases or rents the card adapter 5004, as needed.

ii′) The user selects a desired rental disk D, and pays for the issue ofthe license into the card P.

iii′) The user takes the disk D and the card P home, inserts the card Pinto the card adapter 5004, and reproduces the disk D. The disk can bereproduced any number of times before the expiration date of thelicense.

iv′) To rent another disk, the user repeats the processes ii′) andiii′).

A disk key distribution procedure in this case will be described next.

Another disk key distribution procedure in the information distributionsystem shown in FIG. 122 will be sequentially described next withreference to the view shown in FIG. 141 and the flow charts shown inFIGS. 142 to 146 about the subscription to a disk rental service, rentalof a disk, and reproduction of contents.

All the card adapters 5004 and license issuing devices 5003 provided tothe subscribers of the disk rental service share a random number b10.The random number b10 is stored in, e.g., a ROM and preferably protectedto prevent from being read outside the card adapter.

The random number bl0 is stored in the base storage sections 5003 m and5004 m of the license issuing device 5003 and the card adapter 5004 inadvance.

The subscription to a disk rental service will be described first.

Steps y1 and y2: The card P issued to the user is inserted into thelicense issuing device 5003. The license issuing device 5003 acquiresthe card ID (KID) from the card P in the same manner as in steps x2 andx3 and steps x6 and x7 in FIG. 133 (step S6101 to S6110 in FIG. 142).

Step y3: The rental disk D selected by the user is also inserted intothe license issuing device 5003. The license issuing device 5003acquires the disk ID (DID) from the inserted disk D and encrypted diskinformation corresponding to the disk ID from the license DB 5003 f.

The license issuing device 5003 merges current time acquired from theclock 5003 h as license information generation time and also merges thecard ID (KID) of the user to generate license information (Lic) (stepsS6111 to S6114 in FIG. 142). That is,

Lic=encrypted disk information+license information generation time+KID

Step y4: The license issuing device 5003 generates the random number al.The card ID of the card P and the random number al are stored in thecard DB 5003 i.

A seventh seed X(l){circumflex over ( )}(al·bl0)(mod Prl) is calculatedfrom the random number al and, e.g., the secret parameters (X(l) andPrl). The algorithm Al (Pl) is applied to the seventh seed to generate acommon key wl3, thereby encrypting the license information Lic. Thelicense information Lic encrypted using the common key wl3 will berepresented as [Lic] wl3 hereinafter. A public parameter necessary fordecoding the [Lic] wl3, i.e., the seventh seed generation informationX(l){circumflex over ( )}al(mod Prl) is calculated from the randomnumber al and the secret parameters (X(l) and Prl). The seventh seedgeneration information and the encrypted license information [Lic] wl3are transferred to the card P (steps S6115 to S6119 in FIG. 142).

At this time point, the encrypted license information [Lic] wl3 and theseventh seed generation information are stored in the card P.

The user takes home the card P which has undergone the above processingand the disk D and can reproduce the contents using the card adapter5004 and the player 5005 at home.

Step y5: To reproduce the contents, the user inserts the card P into thecard adapter 5004 and sets the disk D in the player 5005. The cardadapter 5004 reads the encrypted license information [Lic] wl3 and theseventh seed generation information from the card P and calculates theseventh seed X(l){circumflex over ( )}(al·bl0)(mod Prl) from the seventhseed generation information and the random number bl0 stored in the basestorage section 5004 m in advance. The algorithm Al(Pl) is applied tothe seventh seed to generate the common key wl3, thereby decoding theencrypted license information [Lic] wl3. The card adapter 5004 decodesthe encrypted disk information contained in the license informationusing the decoding key kd (steps S6120 to 6129 in FIG. 143).

Steps y8 and y9: The card adapter 5004 acquires the card ID (KID) as insteps x15 and x16 in FIG. 133 (steps S6130 to S6139 in FIG. 143).

Steps y10 to y12: The card adapter 5004 also acquires the disk ID (DID)of the disk D as in steps x12 to x14 in FIG. 133 (Steps S6140 to S6149in FIG. 144).

Step y13: The flow advances to step S6150 in FIG. 145 to performprocessing of deciding on the basis of the license information whetherthe contents information can be decoded (license decision processing)(FIG. 146).

In license decision processing (FIG. 146), the following conditions arechecked.

Whether the card ID (KID) contained in the license information matchesthe card ID of the card P inserted into the card adapter 5004.

Whether the disk ID (DID) contained in the disk information matches thedisk ID of the disk D which is currently being set in the player 5005.

Whether the license information generation time is earlier than thecurrent time indicated by a clock 5004 h.

Whether the current time indicated by the clock 5004 h satisfies theexpiration date contained in the disk information.

Only when the above conditions are satisfied, the card adapter 5004decides that the contents information recorded on the disk D can bereproduced and instructs the player 5005 to generate a random number totransfer the disk key contained in the disk information.

Steps y14 and y15: As in steps x18 and x19 in FIG. 133, the disk key isencrypted using the common key wD2 generated on the basis of the sixthseed generation information exchanged with the player 5005, andtransferred to the player 5005 (steps S6150 to S6161 in FIG. 145).

Steps y6 and y7: On the other hand, the card adapter 5004 executesprocessing of transferring the card adapter ID (AID) stored in the AIDstorage section 5004 f in advance to the card P before or after theabove license decision processing. At this time, the card adapter ID(AID) is encrypted using the common key wl1 generated on the basis ofthe seventh seed generation information (the seventh seed generationinformation is the same as the second seed generation information)transferred from the license issuing device 5003 through the card P andthe random number bl generated by the random number generation section5004 k, as in steps x4 and x5 in FIG. 133.

The same processing as in steps x6 to x19 in FIG. 133 is performed fromthe second disk rental. In the second disk rental, the license issuingdevice 5003 can acquire the card adapter ID (AID) of the user in step x8in FIG. 133. That is, the correspondence between the card ID (KID) ofthe card P and the card adapter ID (AID) is stored in the card DB 5003i.

In distribution of license information containing a disk key in thepresent invention, partner certification and transfer protection areperformed on the basis of the secret parameters of each device on thedistribution route and the public parameters (generated from the secretparameters) exchanged between the devices. Therefore, periodically orwhen attack to the security is suspected, the secret parameters or thedecoding key kd of encrypted disk information (the parameters anddecoding key will be called encryption parameters hereinafter) arepreferably occasionally updated. The update is preferably performed onthe basis of directions from the license creation device 5001.

The encryption parameters to be updated by the license creation device5001 are, e.g., (X(l), Pl, and Prl), (X(k), Pk, and Prk), X(D), PD, andPrD), and (kd, and ke). Encryption parameter update processing will bedescribed with reference to the flow charts shown in FIGS. 147 to 149.

An encryption parameter generation section 5001h of the license creationdevice 5001 updates the encryption parameters using, e.g., a randomnumber generator and then generates parameter update information for therespective devices (the player 5005, the card adapter 5004, the card P,and the license issuing device 5003) (step S6201 in FIG. 147).

Parameter update information for the player contains X(D), PD, and PrD.Parameter update information for the card adapter contains X(l), Pl,Prl, X(k), Pk, Prk, X(D), PD, PrD, and kd. Parameter update informationfor the card contains X(k), Pk, and Prk. Parameter update informationfor the license issuing device contains X(l), Pl, Prl, X(k), Pk, andPrk.

A second encryption section 5001 g encrypts the parameter updateinformation for the respective devices using the encryption keys KsD,KsA, KsC, and KsL stored in a second encryption key storage section5001f in advance (steps S6202 and S6203), respectively. Morespecifically, the parameter update information for the player isencrypted using the encryption key KsD, the parameter update informationfor the card adapter is encrypted using the encryption key KsA, theparameter update information for the card is encrypted using theencryption key KsP, and the parameter update information for the licenseissuing device is encrypted using the encryption key KsL. The parameterupdate information, i.e., the encryption parameter for, e.g., the playerencrypted using the corresponding encryption key will be represented as[parameter update information] KsD.

The encryption parameter update information for the respective devicesare as follows.

The encryption parameter update information for the player (UD):[X(D)+PD+PrD] KsD

The encryption parameter update information for card adapter (UA):[X(l)+Pl+Prl+X(k)+Pk+Prk+X(D)+PD+PrD+kd] KsA

The encryption parameter update information for the card (UC):[X(k)+Pk+Prk] KsC

The encryption parameter update information for the license issuingdevice (UL): [X(l)+Pl+Prl+X(k)+Pk+Prk] KsL

The current time (encryption parameter update time) is acquired from theclock 5001 a and transferred to the license issuing device 5003 togetherwith the encryption parameter information for the devices (steps S6204and S6205).

Upon receiving the encryption parameter information for the devices (UD,UA, UC, and UL) and the update time, the license issuing device storesthe pieces of encryption parameter information UD, UA, and UC and theupdate time in the internal memory (step S6206 in FIG. 148).

The license issuing device 5003 stores the decoding key KpLcorresponding to the encryption key KsL in the memory in advance. Theencryption parameter update information UL is decoded using the decodingkey KpL to update the encryption parameters X(l), Pl, Prl, X(k), Pk, andPrk stored in the base storage section 5003 m and the common keygeneration section 50031 (step S6208). Since Pl and Pk are theparameters of the key generation algorithms Al and Ak, respectively, thekey generation algorithms are updated.

Processing of updating the encryption parameters of the card P isexecuted when the card P is inserted into the license issuing device5003.

When the card P of the user is inserted into the license issuing device5003, the license issuing device 5003 acquires the latest encryptionparameter update time from the card P. When the update time is olderthan the update time stored in the license issuing device 5003 (updatetime transferred from the license creation device 5001), the flowadvances to step S6210; otherwise, the encryption parameter updateoperation is ended, and normal processing such as a write of licenseinformation is performed (step S6209).

In step S6210, the license issuing device 5003 transfers the pieces ofencryption parameter update information UD, UA, and UC and the updatetime to the card P. The card P stores the pieces of encryption parameterupdate information UD and UA and the update time in the internal memory.

The card P stores the decoding key KpC corresponding to the encryptionkey KsC in the memory in advance. The encryption parameter updateinformation UC is decoded using the decoding key KpC to update theencryption parameters X(k), Pk, and Prk stored in the common keygeneration section 5108 (steps S6211 and S6212).

Processing of updating the encryption parameters of the card adapter5004 is executed when the user inserts the card P into the card adapter5004. More specifically, when the card adapter ID (AID) is to betransferred to the card P, or when license information is to betransferred from the card P to the card adapter 5004 to reproduce thedisk D, encryption parameter update processing for the card adapter 5004is executed.

The card P transfers the latest encryption parameter update time of thecard P (the update time transferred from the license issuing device5003) to the card adapter 5004. When the update time is older than thelatest encryption parameter update time stored in the card adapter 5004,the flow advances to step S6214; otherwise, the encryption parameterupdate operation is ended, and normal processing is performed (stepS6213).

In step S6214, the card P transfers the pieces of encryption parameterupdate information UD and UA and the update time to the card adapter5004. The card adapter 5004 stores the encryption parameter updateinformation UD and the update time in the internal memory.

The card adapter 5004 stores the decoding key KpA corresponding to theencryption key KsA in the memory in advance. The encryption parameterupdate information UA is decoded using the decoding key KpA to updatethe encryption parameters X(l), Pl, Prl, X(k), Pk, Prk, X(D), PD, PrD,and kd stored in the base storage section 5109, the common keygeneration section 5108, and the kd storage section 5004 g (steps S6215and S6216). After this, normal processing is performed.

Processing of updating the encryption parameters of the player 5005 isexecuted when the card adapter 5004 and the player 5005 are tocommunicate with each other. More specifically, when the disk ID (DID)is to be transferred from the player 5005 to the card adapter 5004,encryption parameter update processing for the player 5005 is executed.

For example, before the player 5005 transfers the disk ID (DID) to thecard adapter 5004, the latest encryption parameter update time of theplayer 5005 is transferred to the card adapter 5004.

When the update time transferred from the player 5005 is older than thelatest encryption parameter update time stored in the card adapter 5004,the flow advances to step S6218; otherwise, the encryption parameterupdate operation is ended, and normal processing is performed (stepS6217).

In step S6218, the card adapter 5004 transfers the encryption parameterupdate information UD and the update time to the player 5005. The player5005 stores the update time in the internal memory.

The player 5005 stores the decoding key KpD corresponding to theencryption key KsD in the memory in advance. The encryption parameterupdate information UD is decoded using the decoding key KpD to updatethe encryption parameters X(D), PD, and PrD stored in the base storagesection 50051 and the common key generation section 5005 j (steps S6219and S6220). After this, normal processing is performed.

The encryption parameter update processing is ended. Encryptionparameter update is performed for all cards (all cards issued to theuser) inserted into the license issuing device 5003. Therefore,encryption parameter update influences all card adapters 5004 to whichthe card P with updated encryption parameters and all players 5005connected to the card adapters 5004.

The card adapter 5004 and the player 5005 may be sometimes constitutedas a single device (to be referred to as a second player hereinafter). Aprocedure of distributing license information containing a disk key inthis case will be briefly described with reference to FIGS. 133 and 141.In FIG. 133, disk ID transfer processing (steps x13 and x14) and diskkey transfer processing (steps x18 and x19) between the card adapter5004 and the player 5005 can be omitted. The card adapter ID to betransferred to the license issuing device 5003 through the card P instep x5 is the ID (PID) of the second player.

In FIG. 141 as well, disk ID transfer processing (steps y11 and y12) anddisk key transfer processing (steps y14 and y15) between the cardadapter 5004 and the player 5005 can be omitted. The card adapter ID tobe transferred to the license issuing device 5003 through the card P instep y7 is the ID (PID) of the second player.

The remaining processes are the same as described above.

As described above, according to the fifth embodiment, the disk keynecessary for decoding contents information can be safely distributedfrom the distribution source (the license creation device and thelicense issuing device) to the distribution destination (the cardadapter and the player).

As described above, the present invention provides apparatuses andmethods relating to recording medium such as DVD as follows:

An information recording apparatus comprises encryption section forencrypting contents information, license information generation sectionfor generating encrypted license information containing at least alicense condition for limiting use of the contents information and adecoding key for decoding the contents information, and recordingsection for recording, on a recording medium, the contents informationencrypted by the encryption section and the license informationgenerated by the license information generation section.

An information recording apparatus comprises separation section forseparating a part from contents information, license informationgeneration section for generating an encrypted license informationcontaining at least the part of information separated by the separationsection and a license condition for limiting use of the contentsinformation, and recording section for recording, on a recording medium,the license information generated by the license information generationsection and the remaining part of contents information.

An information recording apparatus comprises recording informationgeneration section for generating encrypted recording informationcontaining contents information and at least a license condition forlimiting use of the contents information, and recording section forrecording the recording information generated by the recordinginformation generation section on a recording medium.

An information reproducing apparatus comprises section for receiving arecording medium on which encrypted contents information, and licenseinformation containing at least a license condition for limiting use ofthe contents information and first key information for decoding thecontents information are recorded, storage section for storing secondkey information for decoding the license information, first decodingsection for decoding the license information recorded on the recordingmedium using the second key information stored in the storage section,decision section for deciding, on the basis of the license conditioncontained in the license information decoded by the first decodingsection, whether the contents information can be used, and seconddecoding section for decoding the contents information recorded on therecording medium using the first key information contained in thelicense information decoded by the first decoding section when thedecision section decides that the contents information can be used.

An information reproducing apparatus comprises section for receiving arecording medium on which part of contents information and encryptedlicense information containing at least a license condition for limitinguse of the contents information and the remaining part of the contentsinformation are recorded, storage section for storing key informationfor decoding the license information, decoding section for decoding thelicense information recorded on the recording medium using the keyinformation stored in the storage section, decision section fordeciding, on the basis of the license condition contained in the licenseinformation decoded by the decoding section, whether the contentsinformation can be used, and reproduction section for synthesizing thepart of contents information contained in the license informationdecoded by the decoding section with the part of contents informationrecorded on the recording medium and reproducing the contentsinformation when the decision section decides that the contentsinformation can be used.

An information reproducing apparatus comprises section for receiving arecording medium on which encrypted recording information containing atleast contents information and a license condition for limiting use ofthe contents information is recorded, storage section for storing keyinformation for decoding the recording information, decoding section fordecoding the recording information recorded on the recording mediumusing the key information stored in the storage section, decisionsection for deciding, on the basis of the license condition contained inthe recording information decoded by the decoding section, whether thecontents information can be used, and reproduction section forreproducing the contents information decoded by the decoding sectionwhen the decision section decides that the contents information can beused.

The license condition contains at least an expiration date of thecontents information, and the decision section has instrument sectionfor measuring a date, and compares the date measured by the instrumentsection with the expiration date to decide whether the contentsinformation can be used.

The license condition contains at least an expiration date of thecontents information, and the decision section has instrument sectionfor measuring a date and update disabling section for disabling updateof the date measured by the instrument section, and compares the datemeasured by the instrument section with the expiration date to decidewhether the contents information can be used.

The license condition contains at least an expiration date of thecontents information, and the decision section has instrument sectionfor measuring a date, reception section for receiving encrypted updateinformation for updating the date measured by the instrument section,and update section for decoding the encrypted update informationreceived by the reception section and updating the date measured by theinstrument section on the basis of the decoded update information, andcompares the date measured by the instrument section with the expirationdate to decide whether the contents information can be used.

The license condition contains at least an expiration date of thecontents information and a recording date when the information has beenrecorded on the recording medium, and the decision section hasinstrument section for measuring a date, and compares the date measuredby the instrument section, the expiration date, and the recording datewith each other to decide whether the contents information can be used.

The license condition contains at least a contents informationidentifier for identifying the contents information, and the apparatusfurther comprises request section for requesting fee payment for use ofcontents information corresponding to the contents informationidentifier when the decision section decides that the contentsinformation can be used, and update section for updating at least thelicense condition recorded on the recording medium when fee payment forthe request is confirmed.

The license condition contains at least an expiration date of thecontents information, the apparatus further comprises license conditionupdate section for adding a decoder unit identifier of a unit capable ofdecoding the license information to the license condition when thelicense condition contains no decoder unit identifier for identifyingthe unit capable of decoding the license information, and the decisionsection decides, on the basis of the expiration date and the decoderunit identifier, whether the contents information can be used.

The license condition contains at least an expiration date of thecontents information, the apparatus further comprises license conditionupdate section for adding a decoder unit identifier of a unit capable ofdecoding the recording information to the license condition when thelicense condition contains no decoder unit identifier for identifyingthe unit capable of decoding the recording information, and the decisionsection decides, on the basis of the expiration date and the decoderunit identifier, whether the contents information can be used.

The license condition contains at least a medium identifier foridentifying a recording medium capable of recording the contentsinformation, and the decision section decides, on the basis of themedium identifier, whether the contents information can be used.

An information reproducing apparatus comprises section for receiving arecording medium on which encrypted contents information and licenseinformation containing at least a license condition for limiting use ofthe contents information and first key information for decoding thecontents information are recorded, instrument section for measuring adate, decision section for deciding, on the basis of the date measuredby the instrument section and the license information recorded on therecording medium, whether the contents information can be used, andinformation reproduction section for, when the decision section decidesthat the contents information can be used, decoding and reproducing thecontents information recorded on the recording medium using the firstkey information output from the decision section, wherein informationfor notifying the decision section of the date from the instrumentsection and the first key information output from the decision sectionto the information reproduction section are encrypted.

The information for notifying the decision section of the date from theinstrument section is encrypted using key information common toencryption and decoding.

The information for notifying the decision section of the date from theinstrument section is encrypted and decoded using key informationgenerated by the instrument section and the decision section,respectively.

The information for notifying the decision section of the date from theinstrument section is encrypted and decoded using key informationgenerated on the basis of first key generation information held in theinstrument section and the decision section and random numbers mutuallynotified between the instrument section and the decision section.

The first key information output from the decision section to theinformation reproduction section is encrypted using key informationcommon to encryption and decoding.

The first key information output from the decision section to theinformation reproduction section is encrypted and decoded using keyinformation generated by the decision section and the informationreproduction section, respectively.

The first key information output from the decision section to theinformation reproduction section is encrypted and decoded using keyinformation generated on the basis of second key generation informationheld in the decision section and the information reproduction sectionand random numbers mutually notified between the decision section andthe information reproduction section.

Only when the information for notifying of the date is decoded to revealthat the information has a predetermined data format, the decisionsection uses the information to decide whether the contents informationcan be used.

Only when time until arrival of the information for notifying of thedate is measured to reveal that the time falls within a predeterminedvalue, the decision section uses the information to decide whether thecontents information can be used.

The decision section comprises storage section for storing a pair ofsecond key information for encrypting the license information and thirdkey information for decoding the license information, the third keyinformation corresponding to the second key information, and decodingsection for retrieving the third key information from the storagesection on the basis of identification information of the third keyinformation, which is recorded on the recording medium, to decode thelicense information, and at least part of the pair of the second keyinformation and third key information stored in the storage section isupdated.

The decision section comprises storage section for storing a pair ofsecond key information for encrypting the license information and thirdkey information for decoding the license information, the third keyinformation corresponding to the second key information, and decodingsection for retrieving the third key information from the storagesection on the basis of identification information of the third keyinformation, which is recorded on the recording medium, to decode thelicense information, and at least part of the pair of the second keyinformation and third key information stored in the storage section isunique to each decision section.

An accounting apparatus for charging for use of contents informationrecorded on a recording medium, comprises input section for inputting alicense condition of the contents information recorded on the recordingmedium, fee claiming section for claiming a fee for use of the contentsinformation on the basis of the license condition input by the inputsection, and recording section for, upon confirming fee payment inresponse to the claim, recording license information containing at leastthe license condition input by the input section on the recordingmedium.

An accounting apparatus comprises reproduction section for reproducingencrypted license information from a recording medium on which contentsinformation and the encrypted license information containing at least alicense condition for limiting use of the contents information arerecorded, decoding section for decoding the encrypted licenseinformation reproduced by the reproduction section, license conditioninput section for inputting a license condition for use of the contentsinformation, fee claiming section for claiming a fee for use of thecontents information on the basis of the license condition input by thelicense condition input section, update section for, upon confirming feepayment in response to the claim, updating the license informationdecoded by the decoding section, on the basis of the license conditioninput by the license condition input section, encryption section forencrypting the license information updated by the update section, andoutput section for outputting the license information encrypted by theencryption section.

A decision apparatus comprises section for receiving license informationcontaining at least a license condition for limiting use of contentsinformation and first key information for decoding the contentsinformation, key generation section for generating, every predeterminedtime, second key information for decoding the license information,decoding section for decoding the input license information using thesecond key information generated by the key generation section, decisionsection for deciding, on the basis of the license condition contained inthe license information decoded by the decoding section, whether thecontents information can be decoded, and output section for outputtingthe first key information contained in the license information decodedby the decoding section when the decision section decides that thecontents information can be used.

The key generation section generates a public key used to encrypt thelicense information and a secret key for decoding the licenseinformation, the secret key corresponding to the public key, theapparatus further comprises update request section for, when thedecision section decides that the contents information cannot be used,supplying at least newly designated license condition and a public keynewly generated by the key generation section to request update of thelicense information, and the license information updated in response tothe license information update request from the update request sectionis encrypted using the public key newly generated by the key generationsection and supplied together with the update request.

The key generation section generates the second key information on thebasis of time information every predetermined time.

A decision apparatus comprises section for receiving encrypted licenseinformation containing at least a license condition for limiting use ofcontents information, encrypted first key information for decoding thecontents information, and first key generation information necessary forgenerating second key information for decoding the encrypted first keyinformation, decoding section for decoding the license information,decision section for deciding, on the basis of the license conditioncontained in the license information decoded by the decoding section,whether the contents information can be used, and output section foroutputting the encrypted first key information and the first keygeneration information, which are contained in the license informationdecoded by the decoding section, when the decision section decides thatthe contents information can be used.

The decision apparatus comprises update request section for, when thedecision section decides that the contents information cannot be used,notifying at least a newly designated license condition and second keygeneration information necessary for generating the second keyinformation to request update of the license information, the second keygeneration information being unique to a usage device of the contentsinformation and acquired from the usage device, thereby updating thelicense condition, the first key generation information, and the secondkey information upon receiving the license information update requestfrom the update request section.

A decision apparatus comprises section for receiving encrypted licenseinformation containing at least a license condition for limiting use ofcontents information, encrypted first key information for decoding thecontents information, and first key generation information necessary forgenerating second key information for decoding the encrypted first keyinformation, key generation section for generating third key informationfor decoding the license information every predetermined time, decodingsection for decoding the input license information using the third keyinformation generated by the key generation section, decision sectionfor deciding, on the basis of the license condition contained in thelicense information decoded by the decoding section, whether thecontents information can be decoded, and output section for outputtingthe encrypted first key information and the first key generationinformation, which are contained in the license information decoded bythe decoding section, when the decision section decides that thecontents information can be used.

The key generation section generates a public key used to encrypt thelicense information and a secret key for decoding the licenseinformation, the secret key corresponding to the public key, and theapparatus further comprises update request section for, when thedecision section decides that the contents information cannot be used,notifying at least a newly designated license condition and second keygeneration information necessary for generating the second keyinformation and the public key newly generated by the key generationsection to request update of the license information, the second keygeneration information being unique to a usage device of the contentsinformation and acquired from the usage device, thereby updating thelicense condition, the first key generation information, and the secondkey information upon receiving the license information update requestfrom the update request section, and encrypting the update licenseinformation using the public key newly generated by the key generationsection and supplied together with the update request.

The key generation section generates third key information on the basisof time information every predetermined time.

A decision apparatus comprises section for receiving license informationcontaining at least information obtained by encrypting, using second keyinformation, a license condition for limiting use of contentsinformation and first key information for decoding the contentsinformation, and key generation information necessary for generating atleast the second key information, key generation section for generatingthe second key information on the basis of the key generationinformation contained in the input license information, decoding sectionfor decoding the license condition and the first key informationcontained in the license information using the second key informationgenerated by the key generation section, decision section for deciding,on the basis of the license condition decoded by the decoding section,whether the contents information can be used, and output section foroutputting the first key information decoded by the decoding sectionwhen the decision section decides that the contents information can beused.

A decision apparatus comprises section for inputting license informationcontaining at least information obtained by encrypting, using second keyinformation, a license condition for limiting use of contentsinformation and first key information for decoding the contentsinformation, and two pieces of key generation information necessary forgenerating at least the second key information, key generation sectionfor generating the second key information on the basis of the two piecesof key generation information contained in the input licenseinformation, decoding section for decoding the license condition and thefirst key information contained in the license information using thesecond key information generated by the key generation section, decisionsection for deciding, on the basis of the license condition decoded bythe decoding section, whether the contents information can be used,output section for outputting the first key information decoded by thedecoding section when the decision section decides that the contentsinformation can be used, and update request section for, when thedecision section decides that the contents information cannot be used,supplying at least one of the two pieces of key generation informationor information obtained by updating the one key generation informationand a newly designated license condition to request update of thelicense information, wherein the license condition, the other keygeneration information, and the second key information are updated uponreceiving the license information update request from the update requestsection.

The license information decoded by the decoding section containscertification information for deciding whether the decoding result iscorrect.

A decision apparatus constituted by a portable recording medium havingan arithmetic function, comprises section for receiving encryptedlicense information read from a recording medium on which encryptedcontents information and the encrypted license information containing atleast a license condition for limiting use of the contents informationand first key information for decoding the contents information arerecorded, and encrypted date information for notifying a date, firstdecoding section for decoding the encrypted license information, seconddecoding section for decoding the encrypted date information, decisionsection for deciding, on the basis of the information decoded by thefirst and second decoding section, whether the contents information canbe used, and output section for encrypting the first key information andoutputting the first key information when the decision section decidesthat the contents information can be used.

The second decoding section performs decoding using key informationgenerated on the basis of first key generation information and a randomnumber, which are held in advance.

The decision section uses the date information decoded by the seconddecoding section to decide whether the contents information can be usedonly when the date information has a predetermined data format.

Only when time until arrival of the encrypted date information ismeasured to reveal that the time falls within a predetermined value, thedecision section uses the date information to decide whether thecontents information can be used.

The decision apparatus further comprises storage section for storing apair of second key information for encrypting the license informationand third key information for decoding the license information, thethird key information corresponding to the second key information, andwherein the first decoding section retrieves the third key informationfrom the storage section on the basis of identification information fordesignating the third key information, the identification informationbeing read from the recording medium, to decode the license information,and at least part of the pair of the second and third key informationstored in the storage section is updated.

The decision apparatus further comprises storage section for storing apair of second key information for encrypting the license informationand third key information for decoding the license information, thethird key information corresponding to the second key information, andwherein the first decoding section retrieves the third key informationfrom the storage section on the basis of identification information ofthe third key information, which is recorded on the recording medium, todecode the license information, and at least part of the pair of thesecond and third key information stored in the storage section isupdated.

The decision apparatus further comprises storage section for storing apair of second key information for encrypting the license informationand third key information for decoding the license information, thethird key information corresponding to the second key information, andwherein the first decoding section retrieves the third key informationfrom the storage section on the basis of identification information ofthe third key information, which is recorded on the recording medium, todecode the license information, and at least part of the pair of thesecond and third key information stored in the storage section is uniqueto each decision section.

A decision apparatus comprises section for receiving encrypted licenseinformation containing at least a license condition for limiting use ofcontents information and first key information for decoding the contentsinformation, key generation section for generating second keyinformation for decoding the license information on the basis of firstkey generation information distributed by broadcasting, decoding sectionfor decoding the input license information using the second keyinformation generated by the key generation section, decision sectionfor deciding, on the basis of the license condition contained in thelicense information decoded by the decoding section, whether thecontents information can be used, and output section for outputting thefirst key information contained in the license information decoded bythe decoding section when the decision section decides that the contentsinformation can be used.

The decision apparatus further comprises storage section for storinginput encrypted license information, and selection section for selectingencrypted license information corresponding to the contents informationfrom the encrypted license information stored in the storage section,and wherein the decoding section decodes the encrypted licenseinformation selected by the selection section.

The decision apparatus further comprises storage section for storinginput encrypted license information, and selection section forselecting, on the basis of a predetermined priority order of types oflicense information, encrypted license information corresponding to thecontents information from the encrypted license information stored inthe storage section, and wherein the decoding section decodes theencrypted license information selected by the selection section.

A decision apparatus comprises section for receiving encrypted licenseinformation containing at least a license condition for limiting use ofcontents information and first key information for decoding the contentsinformation, first storage section for storing a first secret parametershared with a license information distribution device, first keygeneration section for generating second key information on the basis ofthe first secret parameter stored in the first storage section and afirst public parameter exchanged with the distribution device, firstdecoding section for decoding the received encrypted license informationusing the second key information generated by the first key generationsection, decision section for deciding, on the basis of the licensecondition contained in the license information decoded by the firstdecoding section, whether the contents information can be used, andoutput section for outputting the first key information contained in thelicense information decoded by the decoding section when the decisionsection decides that the contents information can be used.

The decision apparatus the output section comprises second storagesection for storing a second secret parameter shared with an informationusage device which uses the contents information, and second keygeneration section for generating third key information on the basis ofthe second secret parameter stored in the second storage section and asecond public parameter exchanged with the information usage device, andencrypts the first key information using the third key informationgenerated by the second key generation section and outputs the first keyinformation.

The decision apparatus further comprises third storage section forstoring a third secret parameter shared with an information usage devicewhich uses the contents information, first reception section forreceiving, from the information usage device, encrypted identificationinformation of a first recording medium on which the contentsinformation is recorded, third key generation section for generatingfourth key information on the basis of the third secret parameter storedin the third storage section and a third public parameter exchanged withthe information usage device, and second decoding section for decodingthe encrypted identification information received by the first receptionsection using the fourth key information generated by the third keygeneration section, and wherein the decision section decides, on thebasis of the identification information decoded by the second decodingsection and the decoded license information, whether the contentsinformation can be used.

In the decision apparatus communication with the distribution device isperformed through a recording medium having an arithmetic function.

In the decision apparatus, communication with the distribution device isperformed through a recording medium having an arithmetic function, theapparatus further comprises fourth storage section for storing a fourthsecret parameter shared with the recording medium, second receptionsection for receiving encrypted identification information of therecording medium from the recording medium, fourth key generationsection for generating fifth key information on the basis of the fourthsecret parameter stored in the fourth storage section and a fourthpublic parameter exchanged with the recording medium, and third decodingsection for decoding the encrypted identification information receivedby the second reception section using the fifth key informationgenerated by the fourth key generation section, and the decision sectiondecides, on the basis of the identification information decoded by thethird decoding section and the decoded license information, whether thecontents information can be used.

An update apparatus comprises a decision device for deciding, on thebasis of license information containing at least a license condition forlimiting use of contents information and key information for decodingthe contents information, whether the contents information can be used,the license information being encrypted using a public key, updatesection for updating the license information on the basis of a requestfor updating the license information upon receiving at least a newlydesignated license condition and an updated public key from the decisiondevice, and encryption section for encrypting the updated licenseinformation using the supplied public key.

An update apparatus comprises a decision device for deciding, on thebasis of encrypted license information containing at least a licensecondition for limiting use of contents information, encrypted first keyinformation for decoding the contents information, and first keygeneration information necessary for generating second key informationfor decoding the encrypted first key information, whether the contentsinformation can be used, and update section for updating the licenseinformation on the basis of a request for updating the licenseinformation, upon receiving at least a newly designated licensecondition and second key generation information necessary for generatingthe second key information from the decision device,

wherein the update section updates the license condition and the firstkey generation information, updates the second key information on thebasis of the updated first key generation information and the second keygeneration information, encrypts the first key information using theupdated second key information to generate encrypted license informationcontaining at least the updated license condition, the first keyinformation encrypted using the updated second key information, and theupdated first key generation information.

An update apparatus comprises a decision device for deciding, on thebasis of license information encrypted using a public key and containingat least a license condition for limiting use of contents information,encrypted first key information for decoding the contents information,and first key generation information necessary for generating second keyinformation for decoding the encrypted first key information, whetherthe contents information can be used, and update section for updatingthe license information on the basis of a request for updating thelicense information upon receiving at least a newly designated licensecondition, second key generation information necessary for generatingthe second key information, and an updated public key from the decisiondevice, wherein the update section updates the license condition and thefirst key generation information, updates the second key information onthe basis of the updated first key generation information and the secondkey generation information, encrypts the first key information using theupdated second key information to generate license informationcontaining at least the updated license condition, the first keyinformation encrypted using the updated second key information, and theupdated first key generation information, and encrypts the generatedlicense information using the supplied public key.

An update apparatus comprises decision section for deciding, on thebasis of license information containing at least information obtained byencrypting a license condition for limiting use of contents informationand first key information for decoding the contents information usingsecond key information, and two pieces of key generation informationnecessary for generating the second key information, whether thecontents information can be used, and update section for updating thelicense information on the basis of a request for updating the licenseinformation upon receiving at least one of the two pieces of keygeneration information or information obtained by updating the other keygeneration information and a newly designated license condition from thedecision section, wherein the update section updates the licensecondition and the other key generation information and updates thesecond key information on the basis of the updated other key generationinformation and the supplied one key information to generate informationobtained by encrypting at least the updated license condition and thefirst key information using the updated second key information, andlicense information containing at least the supplied one key generationinformation and the updated other key generation information.

An information usage apparatus comprises section for receiving encryptedfirst key information for decoding encrypted contents information andfirst key generation information necessary for generating second keyinformation for decoding the first key information, and section forholding second key generation information necessary for generating thesecond key information for decoding the first key information,generating the second key information on the basis of the second keygeneration information and the input first key generation information,and decoding the encrypted contents information using the generatedsecond key information.

An information usage apparatus comprises section for receiving encryptedlicense information containing at least a license condition for limitinguse of contents information and first key information for decoding thecontents information, first storage section for storing a first secretparameter shared with a license information distribution device, firstkey generation section for generating second key information on thebasis of the first secret parameter stored in the first storage sectionand a first public parameter exchanged with the distribution device,first decoding section for decoding the received encrypted licenseinformation using the second key information generated by the first keygeneration section, decision section for deciding, on the basis of thelicense condition contained in the license information decoded by thefirst decoding section, whether the contents information can be used,and second decoding section for decoding the contents information usingthe first key information contained in the license information decodedby the first decoding section when the decision section decides that thecontents information can be used.

The information usage apparatus further comprises second storage sectionfor storing third key information for decoding first encryptioninformation containing at least the first key information and thelicense condition, the first encryption information being encrypted andcontained in the license information, and second decoding section fordecoding the first encryption information contained in the licenseinformation decoded by the decoding section, using the third keyinformation stored in the second storage section.

In the information usage apparatus, communication with the distributiondevice is performed through a recording medium having an arithmeticfunction.

In the information usage apparatus communication with the distributiondevice is performed through a recording medium having an arithmeticfunction, the apparatus further comprises third storage section forstoring a second secret parameter shared with the recording medium,reception section for receiving encrypted identification information ofthe recording medium from the recording medium, fourth key generationsection for generating fourth key information on the basis of the secondsecret parameter stored in the third storage section and a second publicparameter exchanged with the recording medium, and third decodingsection for decoding the encrypted identification information receivedby the reception section using the fourth key information generated bythe fourth key generation section, and the decision section decides, onthe basis of the identification information decoded by the thirddecoding section and the decoded license information, whether thecontents information can be used.

A key distribution apparatus comprises first storage section for storingfirst key information necessary for decoding encrypted contentsinformation recorded on a recording medium and a first secret parametershared with an information usage device which uses the contentsinformation, first key generation section for generating second keyinformation on the basis of the first secret parameter stored in thefirst storage section and a first public parameter exchanged with theinformation usage device, encryption section for encrypting encryptedfirst encryption information containing at least the first keyinformation using the second key information generated by the first keygeneration section, and distribution section for distributing secondencryption information encrypted by the encryption section andcontaining at least the first encryption information to the informationusage device.

In the information usage apparatus, the first encryption informationcontains a license condition for limiting use of the contentsinformation.

In the information usage apparatus, the second encryption informationcontains a license condition for limiting use of the contentsinformation.

The information usage apparatus further comprises second storage sectionfor storing a second secret parameter shared with the information usagedevice, reception section for receiving encrypted identificationinformation of the information usage device from the information usagedevice, second key generation section for generating third keyinformation on the basis of the second secret parameter stored in thesecond storage section and a second public parameter exchanged with theinformation usage device, and first decoding section for decoding theencrypted identification information of the information usage device,which is received by the reception section, using the third keyinformation generated by the second key generation section, and whereinthe encryption section encrypts the identification information of theinformation usage device, which is decoded by the first decodingsection, together with the first encryption information using the secondkey information to generate the second encryption information.

In the information usage apparatus, communication with the informationusage device is performed through a recording medium having anarithmetic function.

In the information usage apparatus, communication with the informationusage device is performed through a recording medium having anarithmetic function, the apparatus further comprises third storagesection for storing a third secret parameter shared with the recordingmedium, reception section for receiving encrypted identificationinformation of the recording medium from the recording medium, third keygeneration section for generating fourth key information on the basis ofthe third secret parameter stored in the third storage section and athird public parameter exchanged with the recording medium, and seconddecoding section for decoding the encrypted identification informationof the recording medium, which is received by the reception section,using the fourth key information generated by the third key generationsection, and the encryption section encrypts the identificationinformation of the recording medium, which is decoded by the seconddecoding section, together with the first encryption information usingthe second key information to generate the second encryptioninformation.

A recording medium having an arithmetic function, on which encryptedlicense information containing at least a license condition for limitinguse of contents information and first key information for decoding thecontents information is recorded, comprises first storage section forstoring a first secret parameter shared with a license informationrecording device and a second secret parameter shared with a decisiondevice for deciding on the basis of the license information whether thecontents information can be used, second storage section for storingidentification information given in advance, first key generationsection for generating second key information on the basis of the firstsecret parameter stored in the first storage section and a first publicparameter exchanged with the recording device, first encryption sectionfor encrypting the identification information using the second keyinformation generated by the first key generation section, second keygeneration section for generating third key information on the basis ofthe second secret parameter stored in the first storage section and asecond public parameter exchanged with the decision device, secondencryption section for encrypting the identification information usingthe third key information generated by the second key generationsection, and transmission section for transmitting the identificationinformation encrypted by the first and second encryption section to therecording device and the decision device.

A recording medium having an arithmetic function, on which encryptedlicense information containing at least a license condition for limitinguse of contents information and first key information for decoding thecontents information is recorded, comprises first storage section forstoring a first secret parameter shared with a license informationrecording device and a second secret parameter shared with aninformation usage device which uses the contents information on thebasis of the license information, second storage section for storingidentification information given in advance, first key generationsection for generating second key information on the basis of the firstsecret parameter stored in the first storage section and a first publicparameter exchanged with the recording device, first encryption sectionfor encrypting the identification information using the second keyinformation generated by the first key generation section, second keygeneration section for generating third key information on the basis ofthe second secret parameter stored in the first storage section and asecond public parameter exchanged with the information usage device,second encryption section for encrypting the identification informationusing the third key information generated by the second key generationsection, and transmission section for transmitting the identificationinformation encrypted by the first and second encryption section to therecording device and the information usage device.

Additional advantages and modifications will readily occurs to thoseskilled in the art. Therefore, the invention in its broader aspects isnot limited to the specific details and representative embodiments shownand described herein. Accordingly, various modifications may be madewithout departing from the spirit or scope of the general inventiveconcept as defined by the appended claims and their equivalents.

What is claimed is:
 1. A computer-implemented information recordingmethod for encrypting contents information and for storing the contentsinformation on a storage medium, comprising: encrypting contentsinformation to generate encrypted contents information; merging (a) afirst key for decoding the encrypted contents information and (b) useinformation relevant only to use of the contents information, to producea merged result; encrypting the merged result using a second key toproduce a merged and encrypted result including the first key and theuse information relevant only to use of the contents information, thefirst key and the use information being inseparably combined; andstoring the encrypted contents information together with the merged andencrypted result in the storage medium.
 2. A method according to claim1, wherein the contents information comprises accounting objectinformation.
 3. A method according to claim 2, wherein the accountingobject information comprises a digitized work.
 4. A method according toclaim 1, wherein the step of encrypting the contents informationcomprises encrypting the contents information using a third keycorresponding to the first key to generate encrypted contentsinformation.
 5. A method according to claim 1, wherein the useinformation relevant only to use of the contents information comprises alicense condition.
 6. A method according to claim 5, wherein the licensecondition comprises an expiration date of the accounting objectinformation.
 7. A method according to claim 5, wherein the licensecondition comprises a license information write time.
 8. A methodaccording to claim 5, wherein the license condition comprises a contentsID.
 9. A method according to claim 5, wherein the license conditioncomprises a medium ID.
 10. A method according to claim 5, wherein thelicense condition comprises a decoder unit ID.
 11. Acomputer-implemented information recording system for storing encryptedcontents information on a storage medium, comprising: a contentsinformation input section configured to input encrypted contentsinformation; an encryption section configured to merge (a) a first keyfor decoding the encrypted contents information and (b) informationindicating an ability to use the contents information, to produce amerged result, and configured to encrypt the merged result using asecond key to produce a merged and encrypted result including the firstkey and the use information relevant only to use of the contentsinformation, the first key and the use information being inseparablycombined; a condition input section configured to input to theencryption section the information indicating an ability to use thecontents information; a key input section configured to input the firstkey for decoding the encrypted contents information; and a recordingsection configured to receive the encrypted contents information inputby the contents information input section and the merged and encryptedresult, and configured to store in the storage medium the encryptedcontents information together with the merged and encrypted result. 12.A system according to claim 11, wherein the contents information inputsection comprises an accounting object information input section, andthe contents information comprises accounting object information.
 13. Asystem according to claim 12, wherein the accounting object informationcomprises a digitized work.
 14. A system according to claim 11, whereinthe condition input section comprises a license condition input section,and the use information relevant only to use of the contents informationcomprises a license condition.
 15. A system according to claim 14,wherein the license condition comprises an expiration date of thecontents information.
 16. A system according to claim 14, wherein thelicense condition comprises a license information write time.
 17. Asystem according to claim 14, wherein the license condition comprises acontents ID.
 18. A system according to claim 14, wherein the licensecondition comprises a medium ID.
 19. A system according to claim 14,wherein the license condition comprises a decoder unit ID.
 20. A systemaccording to claim 11, wherein the key input section comprises adecoding key input section.
 21. A system according to claim 11, whereinthe contents information has been encrypted using a third keycorresponding to the first key.
 22. A system according to claim 11,wherein the recording section is further configured to record on thestorage medium the encrypted contents information and the merged andencrypted result.
 23. A system according to claim 22, wherein thestorage medium is one of a DVD-RAM, a DVD-ROM, and a hard disk.
 24. Acomputer-implemented information recording system for encryptingcontents information and for storing the contents information on astorage medium, comprising: means for encrypting contents information togenerate encrypted contents information; means for merging (a) a firstkey for decoding the encrypted contents information and (b) useinformation relevant only to use of the contents information to producea merged result; means for encrypting the merged result using a secondkey to produce a merged and encrypted result including the first key andthe use information relevant only to use of the contents information,the first key and the use information being inseparably combined; andmeans for storing the encrypted contents information together with themerged and encrypted result in the storage medium.
 25. A systemaccording to claim 24, wherein the contents information comprisesaccounting object information.
 26. A system according to claim 25,wherein the accounting object information comprises a digitized work.27. A system according to claim 24, wherein the means for encrypting thecontents information comprises means for encrypting the contentsinformation using a third key corresponding to the first key to generateencrypted contents information.
 28. A system according to claim 24,wherein the use information relevant only to use of the contentsinformation comprises a license condition.
 29. A system according toclaim 28, wherein the license condition comprises an expiration date ofthe accounting object information.
 30. A system according to claim 28,wherein the license condition comprises a license information writetime.
 31. A system according to claim 28, wherein the license conditioncomprises a contents ID.
 32. A system according to claim 28, wherein thelicense condition comprises a medium ID.
 33. A system according to claim28, wherein the license condition comprises a decoder unit ID.
 34. Asystem according to claim 24, wherein the storage medium is one of aDVD-RAM, a DVD-ROM, and a hard disk.
 35. A computer-implementedinformation system for providing encrypted contents information,comprising: a contents information input section configured to inputencrypted contents information; an encryption section configured tomerge (a) a first key for decoding the encrypted contents informationand (b) use information relevant to only use of the contentsinformation, to produce a merged result, and configured to encrypt themerged result using a second key to produce a merged and encryptedresult including the first key and the use information relevant only touse of the contents information, the first key and the use informationbeing inseparably combined; a condition input section configured toinput to the encryption section the use information relevant only to useof the contents information; a key input section configured to input thefirst key for decoding the encrypted contents information; and aproviding section configured to receive the encrypted contentsinformation input by the contents information input section and themerged and encrypted result, and configured to store in the storagemedium the encrypted contents information together with the merged andencrypted result.